Source: expat
Version: 2.2.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/186

Hi,

The following vulnerability was published for expat.

CVE-2018-20843[0]:
| In libexpat in Expat before 2.2.7, XML input including XML names that
| contain a large number of colons could make the XML parser consume a
| high amount of RAM and CPU resources while processing (enough to be
| usable for denial-of-service attacks).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20843
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
[2] https://github.com/libexpat/libexpat/issues/186
[3] https://github.com/libexpat/libexpat/pull/262

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore