From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sebastian Pipping Subject: Expat 2.2.7 with security fixes has been released / CVE-2018-20843 Date: Fri, 28 Jun 2019 00:21:00 +0200 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:41476) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hgcle-0004NB-RQ for guix-devel@gnu.org; Thu, 27 Jun 2019 18:21:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hgclc-0000ZC-WB for guix-devel@gnu.org; Thu, 27 Jun 2019 18:21:22 -0400 Received: from smtprelay07.ispgateway.de ([134.119.228.104]:46331) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hgclc-0000VE-8v for guix-devel@gnu.org; Thu, 27 Jun 2019 18:21:20 -0400 Content-Language: en-US List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: sebastian@pipping.org Hello everyone! Sorry for the noise if you heard about the release of 2.2.7 about a week ago through some other channel and maybe even took action, already! To be quick, there is one DoS fix — for CVE-2018-20843 [1] — and misc build system fixes. The change log with details is up at [2]. If you happen to have patches for Expat that are still required with 2.2.7, please send them my way. Thanks and best Sebastian [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 [2] https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes