Security release. https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes
Plugs CVEs: CVE-2026-50219: Disallow calls to functions `XML_GetBuffer`, `XML_Parse`, `XML_ParseBuffer`, `XML_ParserFree`, `XML_ParserReset` to guard Expat bindings from memory corruption. CVE-2026-56131: Protect XML_ResumeParser from being called from a handler, plugging a hole in the fix to CVE-2026-50219 CVE-2026-56132: Fix out-of-bound scaffolding index store in `doProlog` CVE-2026-56403: Integer overflow in `storeAtts` CVE-2026-56404: Integer overflow in `addBinding` CVE-2026-56405: Integer overflow in `getAttributeId` CVE-2026-56406: Integer overflow in `XML_ParseBuffer` CVE-2026-56407: Integer overflow in `textLen` handling CVE-2026-56408: Integer overflow in `copyString` CVE-2026-56409: xmlwf: Integer overflow in output path join CVE-2026-56410: xmlwf: Integer overflow in `resolveSystemId` CVE-2026-56411: xmlwf: Integer overflow in notation list allocation CVE-2026-56412: Guard XML_TOK_DATA_CHARS handler calls in `doCdataSection`, plugging a hole in the fix to CVE-2026-50219 Signed-off-by: Christian Melki <[email protected]> --- rules/expat.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/expat.make b/rules/expat.make index 411afc4eb..acf88b4d8 100644 --- a/rules/expat.make +++ b/rules/expat.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat # # Paths and names # -EXPAT_VERSION := 2.8.1 -EXPAT_SHA256 := f5833dd2e1cd7739ec9182804a1a29c4f0cc7c2f26b633d3a2188b7766a88ecb +EXPAT_VERSION := 2.8.2 +EXPAT_SHA256 := 69e7f52417d85b1c2b7fe855e176eec55d0b2d7d92d691372d833a1c7df7923b EXPAT := expat-$(EXPAT_VERSION) EXPAT_SUFFIX := tar.bz2 EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION)) -- 2.43.0
