[ol7_optional_latest] expat-static-2.1.0-14.0.1.el7_9.aarch64

Name:	expat-static
Version:	2.1.0
Release:	14.0.1.el7_9
Architecture:	aarch64
Group:	Development/Libraries
Size:	190776
License:	MIT
RPM:	expat-static-2.1.0-14.0.1.el7_9.aarch64.rpm
Source RPM:	expat-2.1.0-14.0.1.el7_9.src.rpm
Build Date:	Mon Mar 28 2022
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.libexpat.org/
Summary:	expat XML parser static library
Description:	The expat-static package contains the static version of the expat library. Install it if you need to link statically with expat.

Changelog (Show File list) (Show related packages)

Mon Mar 28 2022 Alan Steinberg <alan.steinberg@oracle.com> - 2.1.0-14.0.1

- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302]

Mon Mar 21 2022 Tomas Korbar <tkorbar@redhat.com> - 2.1.0-14

- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

Mon Feb 21 2022 Tomas Korbar <tkorbar@redhat.com> - 2.1.0-13

- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822

Thu Apr 02 2020 Joe Orton <jorton@redhat.com> - 2.1.0-12
```
- add security fixes for CVE-2018-20843, CVE-2019-15903
```
Thu Jul 25 2019 Joe Orton <jorton@redhat.com> - 2.1.0-11
```
- add security fix for CVE-2015-2716
```
Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.1.0-10
```
- updated security fix for CVE-2016-0718
```
Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.1.0-9
```
- add security fix for CVE-2016-0718
```
Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.1.0-8
```
- Mass rebuild 2014-01-24
```
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.1.0-7
```
- Mass rebuild 2013-12-27
```
Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.1.0-6
```
- fix "xmlwf -h" output (#948534)
```