[Bug 256121] [exp-run] texproc/expat2: update to 2.4.1 (fixes CVE-2013-0340/CWE-776)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 256121] [exp-run] texproc/expat2: update to 2.4.1 (fixes CVE-2013-0340/CWE-776)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 27 May 2021 08:58:07 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256121

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=1454ab40206b85f94edb6390e0d96c9716a07399

commit 1454ab40206b85f94edb6390e0d96c9716a07399
Author:     Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2021-05-24 14:38:28 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-05-27 08:56:26 +0000

    textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776

    See [1] for details:
            Expat 2.4.0 and follow-up release 2.4.1 have both been released
earlier
            today (21-05-23). Release 2.4.0 fixes long known security issue
CVE-2013-0340 by
            adding protection against so-called Billion Laughs Attacks, a form
of
            denial of service against applications accepting XML input, in all
known
            variations, including recent flavor Parameter Laughs.

    [1]
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0

    PR:             256121
    Exp-run by:     antoine

 textproc/expat2/Makefile  |  4 +++-
 textproc/expat2/distinfo  |  6 +++---
 textproc/expat2/pkg-plist | 10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.