Security release.
https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes

Plugs CVEs:
CVE-2026-50219: Disallow calls to functions `XML_GetBuffer`, `XML_Parse`,
`XML_ParseBuffer`, `XML_ParserFree`, `XML_ParserReset` to guard
Expat bindings from memory corruption.
CVE-2026-56131: Protect XML_ResumeParser from being called from a handler,
plugging a hole in the fix to CVE-2026-50219
CVE-2026-56132: Fix out-of-bound scaffolding index store in `doProlog`
CVE-2026-56403: Integer overflow in `storeAtts`
CVE-2026-56404: Integer overflow in `addBinding`
CVE-2026-56405: Integer overflow in `getAttributeId`
CVE-2026-56406: Integer overflow in `XML_ParseBuffer`
CVE-2026-56407: Integer overflow in `textLen` handling
CVE-2026-56408: Integer overflow in `copyString`
CVE-2026-56409: xmlwf: Integer overflow in output path join
CVE-2026-56410: xmlwf: Integer overflow in `resolveSystemId`
CVE-2026-56411: xmlwf: Integer overflow in notation list allocation
CVE-2026-56412: Guard XML_TOK_DATA_CHARS handler calls in `doCdataSection`,
plugging a hole in the fix to CVE-2026-50219

Signed-off-by: Christian Melki <[email protected]>
---
 rules/expat.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/expat.make b/rules/expat.make
index 411afc4eb..acf88b4d8 100644
--- a/rules/expat.make
+++ b/rules/expat.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
 #
 # Paths and names
 #
-EXPAT_VERSION          := 2.8.1
-EXPAT_SHA256           := 
f5833dd2e1cd7739ec9182804a1a29c4f0cc7c2f26b633d3a2188b7766a88ecb
+EXPAT_VERSION          := 2.8.2
+EXPAT_SHA256           := 
69e7f52417d85b1c2b7fe855e176eec55d0b2d7d92d691372d833a1c7df7923b
 EXPAT                  := expat-$(EXPAT_VERSION)
 EXPAT_SUFFIX           := tar.bz2
 EXPAT_RELEASE          := R_$(subst .,_,$(EXPAT_VERSION))
-- 
2.43.0


Reply via email to