Thanks, applied as 30ee313b4e2c3bf0475db38c75f859352a3ad332. Michael
[sent from post-receive hook] On Thu, 12 Sep 2024 14:12:19 +0200, Christian Melki <[email protected]> wrote: > Mainly security fixes. > https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes > > Plugs CVEs: > CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c > does not reject a negative length for XML_ParseBuffer. > CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for > nDefaultAtts on 32-bit platforms. > CVE-2024-45492 - Internal function nextScaffoldPart can have an integer > overflow for m_groupSize on 32-bit platforms. > > Signed-off-by: Christian Melki <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/expat.make b/rules/expat.make > index 03f9ac6b4d40..31afb8604eae 100644 > --- a/rules/expat.make > +++ b/rules/expat.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat > # > # Paths and names > # > -EXPAT_VERSION := 2.6.2 > -EXPAT_MD5 := b246f58b25a7629fca6cbd1429400cdf > +EXPAT_VERSION := 2.6.3 > +EXPAT_MD5 := c70040a3f2743d9645cb029d3c9a7c89 > EXPAT := expat-$(EXPAT_VERSION) > EXPAT_SUFFIX := tar.bz2 > EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION))
