The following issue has been SUBMITTED.
======================================================================
https://public.kitware.com/Bug/view.php?id=16095
======================================================================
Reported By:                Sebastian Pipping
Assigned To:
======================================================================
Project:                    CMake
Issue ID:                   16095
Category:                   CMake
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
======================================================================
Date Submitted:             2016-05-05 12:36 EDT
Last Modified:              2016-05-05 12:36 EDT
======================================================================
Summary:                    Latest CMake bundles insecure copy of Expat
Description:
I found that even recent CMake bundles a copy of libexpat in folder
"Utilities/cmexpat" [1] that is 12 years old (version 1.95.2 [2]) and has
known security issues.

Due to the auto-detection of Expat at [3], I do not worry about users of
Linux or OS X too much. How about Windows?

Please consider resolving the bundled copy or updating to the latest release
of Expat. Thank you!

Best,

Sebastian

[1] https://github.com/Kitware/CMake/tree/1d4ab06a7045edf366c689ba5e29bbc35d08718e/Utilities/cmexpat
[2] https://github.com/Kitware/CMake/blob/1d4ab06a7045edf366c689ba5e29bbc35d08718e/Utilities/cmexpat/expat.h#L732
[3] https://github.com/Kitware/CMake/blob/1d4ab06a7045edf366c689ba5e29bbc35d08718e/CMakeLists.txt#L417
======================================================================

Issue History
Date Modified     Username           Field          Change
======================================================================
2016-05-05 12:36  Sebastian Pipping  New Issue
======================================================================
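
Added example (not part of the original report and not CMake's own code): a scan that finds every vendored expat.h in a source tree and reads its version from the XML_MAJOR_VERSION / XML_MINOR_VERSION / XML_MICRO_VERSION macros, the definitions the report links as [2]. The function names, the constructed sample header and the (2, 0, 0) floor are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# Version macros that expat.h defines (the line the report cites as [2]).
_MACRO = re.compile(r"^\s*#\s*define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)", re.M)


def expat_header_version(text):
    """Return (major, minor, micro) from expat.h contents, or None if incomplete."""
    found = {name: int(num) for name, num in _MACRO.findall(text)}
    if set(found) != {"MAJOR", "MINOR", "MICRO"}:
        return None
    return found["MAJOR"], found["MINOR"], found["MICRO"]


def find_stale_expat(root, minimum):
    """List (relative path, version) for every expat.h under root older than minimum.

    A header whose version cannot be read is reported with version None so it
    gets a manual look instead of silently passing.
    """
    stale = []
    for header in sorted(Path(root).rglob("expat.h")):
        version = expat_header_version(header.read_text(errors="replace"))
        if version is None or version < tuple(minimum):
            stale.append((header.relative_to(root).as_posix(), version))
    return stale


def demo():
    """Run the scan on a constructed tree shaped like the layout in the report."""
    with tempfile.TemporaryDirectory() as tmp:
        bundled = Path(tmp, "Utilities", "cmexpat")
        bundled.mkdir(parents=True)
        # Constructed header fragment carrying the version the report states.
        bundled.joinpath("expat.h").write_text(
            "#define XML_MAJOR_VERSION 1\n"
            "#define XML_MINOR_VERSION 95\n"
            "#define XML_MICRO_VERSION 2\n"
        )
        # (2, 0, 0) is a placeholder floor, not a value from the report.
        return find_stale_expat(tmp, minimum=(2, 0, 0))


if __name__ == "__main__":
    for path, version in demo():
        print(path, version)
```

Run in CI against a checkout, a non-empty result from find_stale_expat can fail the build so a stale bundled copy is caught before release.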