From [1]:

libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
of the most widely used software libre XML parsers written in C,
precisely C99. It is cross-platform and licensed under the MIT license.

Expat 2.4.3 has been released earlier today. Besides two minor fixes to
the build system, this release is about security fixes. There is a total
of 8 CVEs fixed, all related to fixed-size integer math (integer
overflow and invalid shifts) near memory allocation. Impact is denial of
service, or more.

* CVE-2021-45960
* CVE-2021-46143
* CVE-2022-22822
* CVE-2022-22823
* CVE-2022-22824
* CVE-2022-22825
* CVE-2022-22826
* CVE-2022-22827

For more details, please check out the change log [2].

[1] https://blog.hartwork.org/posts/expat-2-4-3-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

Exp-run by: antoine
PR: 261285