Changes: Document CVE-2022-25236

Sebastian Pipping 2022-02-12 01:30:47 +01:00
parent 2de077423f
commit e4d7e49782

@ -2,6 +2,22 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks! If you can help, please get in touch. Thanks!
Release X.X.X XXX XXXXXXX XX XXXX
Security fixes:
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
Special thanks to:
Ivan Fratric
and
Google Project Zero
Release 2.4.4 Sun January 30 2022 Release 2.4.4 Sun January 30 2022
Security fixes: Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow #550 CVE-2022-23852 -- Fix signed integer overflow
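Review bot: The added line "on such unexpectable cases are handled inside the XML" is missing a word, so the sentence does not parse; suggest "depending on how such unexpected cases are handled inside the XML processor". The entry also describes only the flaw ("made Expat send malformed tag names") and never says what Expat now does with namespace separator characters in "xmlns[:prefix]" attribute values, whereas the neighbouring #550 entry leads with "Fix ..."; a short clause stating the new behaviour would tell users of the XML processors on top of Expat what to expect after upgrading. "Release X.X.X XXX XXXXXXX XX XXXX" is still a placeholder and needs the real version and date before the release is cut.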