Source: expat
Version: 2.4.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/531
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.2.10-2
Control: found -1 2.2.6-2+deb10u1
Control: found -1 2.2.6-2

Hi,

The following vulnerability was published for expat.

CVE-2021-45960[0]:
| In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
| places in the storeAtts function in xmlparse.c can lead to realloc
| misbehavior (e.g., allocating too few bytes, or only freeing memory).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
[1] https://github.com/libexpat/libexpat/issues/531

Regards,
Salvatore
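Added illustration, not part of the original report and not Expat's own code: a minimal C model of the class of size computation the CVE text describes, where a power-of-two entry count built with a left shift is multiplied by an entry size in 32-bit arithmetic before being handed to realloc. The function names and the 8- and 12-byte entry sizes are assumptions chosen to show both outcomes named in the description (a zero size, and a size that is too small), next to a checked variant.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: byte count for a table of (1 << power) entries, computed in
 * 32-bit arithmetic. The product wraps modulo 2^32 without any error.
 * Only call with power < 32; a larger shift count is undefined in C. */
static uint32_t table_bytes_unchecked(unsigned power, uint32_t entry_size)
{
    return (uint32_t)(((uint32_t)1 << power) * entry_size);
}

/* Checked: refuses out-of-range shift counts and products that do not fit,
 * so the caller can fail the allocation instead of shrinking the buffer. */
static bool table_bytes_checked(unsigned power, uint32_t entry_size,
                                uint32_t *out)
{
    if (entry_size == 0 || power >= 32)
        return false;                      /* shift would be undefined */
    uint32_t count = (uint32_t)1 << power;
    if (count > UINT32_MAX / entry_size)
        return false;                      /* count * entry_size overflows */
    *out = count * entry_size;
    return true;
}

int main(void)
{
    /* Constructed inputs: shift counts around 29, assumed entry sizes. */
    const unsigned powers[] = { 28, 29 };
    const uint32_t sizes[] = { 8, 12 };

    for (size_t i = 0; i < 2; i++) {
        for (size_t j = 0; j < 2; j++) {
            uint32_t safe = 0;
            bool ok = table_bytes_checked(powers[i], sizes[j], &safe);
            printf("power=%u entry=%u unchecked=%u checked=%s\n",
                   powers[i], (unsigned)sizes[j],
                   (unsigned)table_bytes_unchecked(powers[i], sizes[j]),
                   ok ? "ok" : "rejected");
        }
    }
    return 0;
}
```

With a request size of 0 the realloc call may simply free the buffer, and with a wrapped non-zero size it returns a buffer smaller than the table the caller goes on to index.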

