Update expat to 2.2.0 (!943) · Merge requests · GitLab.org / omnibus-gitlab · GitLab

Takuya Noguchi requested to merge tnir/omnibus-gitlab:expat-2.2.0 into master Aug 16, 2016

Expat 2.2.0 (released on 2016-06-21) includes security & other bug fixes as described in its changelog.

Security fixes

CVE-2016-0718
- Fix crash on malformed input
CVE-2016-4472
- Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1
CVE-2016-5300
- Use more entropy for hash initialization than the original fix to CVE-2012-0876
CVE-2012-6702
- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876

Bug fixes

Fix uninitialized reads of size 1 (e.g. in little2_updatePosition)
Fix detection of UTF-8 character boundaries

Edited Apr 14, 2021 by Takuya Noguchi