Thanks, applied as beb67a2f401003677bd7e2a59b25b5e23f480e93. Michael
[sent from post-receive hook] On Wed, 27 May 2026 23:54:53 +0200, Christian Melki <[email protected]> wrote: > Minor fix release. > https://github.com/libexpat/libexpat/blob/R_2_8_1/expat/Changes > > Plugs CVE: > CVE-2026-45186: Fix quadratic runtime from attribute name > collision checks that allowed denial of service attacks > > Signed-off-by: Christian Melki <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/expat.make b/rules/expat.make > index 5819279aa713..411afc4eb8a0 100644 > --- a/rules/expat.make > +++ b/rules/expat.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat > # > # Paths and names > # > -EXPAT_VERSION := 2.8.0 > -EXPAT_SHA256 := > 586494499ac3ad46d87f3beda7b1f770c1c8026a9b60e151593f8b29089a52ca > +EXPAT_VERSION := 2.8.1 > +EXPAT_SHA256 := > f5833dd2e1cd7739ec9182804a1a29c4f0cc7c2f26b633d3a2188b7766a88ecb > EXPAT := expat-$(EXPAT_VERSION) > EXPAT_SUFFIX := tar.bz2 > EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION))
