Hello everyone!

To be quick, there is one heap buffer over-read DoS fix — for
CVE-2019-15903 [1] —, two other bugfixes, and build system fixes.  The
change log with details is up at [2].

I don't expect use of the new configure option --enable-xml-attr-info in
packaging anywhere, it's disabled everywhere else.
In case anyone is using CMake in packaging Expat already, please share
any pain points and issues with me so things get better next round.

If you happen to have patches for Expat that are still required with
2.2.8, please send them my way.

Thanks and best


[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
[2] https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes

fink-core mailing list
List archive:
Subscription management:

Reply via email to