-
Thu Oct 06 2022 EL Errata <el-errata_ww@oracle.com> - 2.1.0-15.0.1
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302]
-
Mon Oct 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.1.0-15
- Ensure raw tagnames are safe exiting internalEntityParser
- Resolves: CVE-2022-40674
-
Mon Mar 21 2022 Tomas Korbar <tkorbar@redhat.com> - 2.1.0-14
- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315
-
Mon Feb 21 2022 Tomas Korbar <tkorbar@redhat.com> - 2.1.0-13
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822
-
Thu Apr 02 2020 Joe Orton <jorton@redhat.com> - 2.1.0-12
- add security fixes for CVE-2018-20843, CVE-2019-15903
-
Thu Jul 25 2019 Joe Orton <jorton@redhat.com> - 2.1.0-11
- add security fix for CVE-2015-2716
-
Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.1.0-10
- updated security fix for CVE-2016-0718
-
Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.1.0-9
- add security fix for CVE-2016-0718
-
Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.1.0-8
- Mass rebuild 2014-01-24
-
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.1.0-7
- Mass rebuild 2013-12-27