Changes: Document CVE-2021-45960
This commit is contained in:
Sebastian Pipping
parent
0adcb34c49
commit
f82a72271c
@ -3,6 +3,20 @@ NOTE: We are looking for help with a few things:
|
|||||||
If you can help, please get in touch. Thanks!
|
If you can help, please get in touch. Thanks!
|
||||||
|
|
||||||
Release x.x.x xxx xxxxxxxx xx xxxx
|
Release x.x.x xxx xxxxxxxx xx xxxx
|
||||||
|
Security fixes:
|
||||||
|
#531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
|
||||||
|
resulting in
|
||||||
|
a) realloc acting as free
|
||||||
|
b) realloc allocating too few bytes
|
||||||
|
c) undefined behavior
|
||||||
|
depending on architecture and precise value
|
||||||
|
for XML documents with >=2^27+1 prefixed attributes
|
||||||
|
on a single XML tag a la
|
||||||
|
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
|
||||||
|
where XML_ParserCreateNS is used to create the parser
|
||||||
|
(which needs argument "-n" when running xmlwf).
|
||||||
|
Impact is denial of service, or more.
|
||||||
|
|
||||||
Other changes:
|
Other changes:
|
||||||
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
|
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
|
||||||
#527 #528 Address compiler warnings
|
#527 #528 Address compiler warnings
|
||||||
@ -10,6 +24,11 @@ Release x.x.x xxx xxxxxxxx xx xxxx
|
|||||||
Infrastructure:
|
Infrastructure:
|
||||||
#536 CI: Check for realistic minimum CMake version
|
#536 CI: Check for realistic minimum CMake version
|
||||||
|
|
||||||
|
Special thanks to:
|
||||||
|
Tyson Smith
|
||||||
|
and
|
||||||
|
GCC Farm Project
|
||||||
|
|
||||||
Release 2.4.2 Sun December 19 2021
|
Release 2.4.2 Sun December 19 2021
|
||||||
Other changes:
|
Other changes:
|
||||||
#509 #510 Link againgst libm for function "isnan"
|
#509 #510 Link againgst libm for function "isnan"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user