- 
    Wed May 22 2024 EL Errata <el-errata_ww@oracle.com> - 2.2.5-13.0.1
    
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]
   
  
  - 
    Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-13
    
- Fix wrongly exposed variables
- Resolves: RHEL-29321
   
  
  - 
    Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
    
- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
- Resolves: RHEL-29321
   
  
  - 
    Mon Nov 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-11
    
- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
- Resolves: CVE-2022-43680
   
  
  - 
    Fri Sep 30 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-10
    
- Ensure raw tagnames are safe exiting internalEntityParser
- Resolves: CVE-2022-40674
   
  
  - 
    Fri May 06 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-9
    
- Fix multiple CVEs
- Resolves: CVE-2022-25314
- Resolves: CVE-2022-25313
   
  
  - 
    Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
    
- Improve patch for CVE-2022-25236
- Related: CVE-2022-25236
   
  
  - 
    Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
    
- Fix patch for CVE-2022-25235
- Resolves: CVE-2022-25235
   
  
  - 
    Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
    
- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315
   
  
  - 
    Mon Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-5
    
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822