update: expat #1348

dongsupark · 2024-02-07T14:06:02Z

Name: expat
CVEs: CVE-2023-52425, CVE-2024-28757
CVSSs: 7.5, tbd
Action Needed: update to >= 2.6.2

Summary:

CVE-2023-52425: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2024-28757: vulnerable to billion laughs attacks with isolated use of external parsers

refmap.gentoo: https://bugs.gentoo.org/923951, https://bugs.gentoo.org/926786

tormath1 · 2024-03-12T08:24:34Z

dongsupark added security security concerns advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS labels Feb 7, 2024

github-actions bot mentioned this issue Feb 22, 2024

Monthly contributions report 2024-01-22 - 2024-02-21 #1369

Closed

github-actions bot mentioned this issue Mar 22, 2024

Monthly contributions report 2024-02-22 - 2024-03-21 #1398

Closed

github-actions bot mentioned this issue Apr 22, 2024

Monthly contributions report 2024-03-22 - 2024-04-21 #1435

Closed

krnowak mentioned this issue Apr 23, 2024

Weekly portage-stable package updates 2024-04-22 flatcar/scripts#1949

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#1949 Apr 25, 2024

github-actions bot mentioned this issue May 22, 2024

Monthly contributions report 2024-04-22 - 2024-05-21 #1451

Closed

Provide feedback