Version: 2.2.5
Released: 31 October 2017
Sources from: https://github.com/libexpat/libexpat/releases
Changelog: https://github.com/libexpat/libexpat/blob/R_2_2_5/expat/Changes
Depends on:
21 June 2016, Expat 2.2.0 released.
Release 2.2.0 includes security & other bug fixes.

Security fixes:
- CVE-2016-0718 (issue 537): Fix crash on malformed input
- CVE-2016-4472: Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1
- CVE-2016-5300 (issue 499): Use more entropy for hash initialization than the original fix to CVE-2012-0876
- CVE-2012-6702 (issue 519): Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)
Mar 24 2012 expat-2.1.0.README
This new release of the Expat XML parser contains mostly bug fixes and patches to the build system. A conditional feature to extract attribute byte offsets has been added as well. It is highly recommended to upgrade to this new version as it fixes all known security vulnerabilities (see below - identified by CVE numbers).

Changes in Expat 2.1.0:

- Bug Fixes:
  #1742315: Harmful XML_ParserCreateNS suggestion.
  #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
  #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
  #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh.
  #2815947, #2884086: OBJEXT and EXEEXT support while building.
  #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
  #2517938: xmlwf should return non-zero exit status if not well-formed.
  #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
  #2855609: Dangling positionPtr after error.
  #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
  #2958794: CVE-2012-1148 - Memory leak in poolGrow.
  #2990652: CMake support.
  #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
  #3206497: Uninitialized memory returned from XML_Parse.
  #3287849: make check fails on mingw-w64.
  #3496608: CVE-2012-0876 - Hash DOS attack.

- Patches:
  #1749198: pkg-config support.
  #3010222: Fix for bug #3010819.
  #3312568: CMake support.
  #3446384: Report byte offsets for attr names and values.

- New Features / API changes:
  Added new API member XML_SetHashSalt() that allows setting an initial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters.
  When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384).
  Added CMake build system. See bug #2990652 and patch #3312568.
  Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository.
06B14FF8F2F0960F8778E9ED09E2208D aixtools.expat.18.104.22.168.I
5C18BFA076FA1A21639F6A0EA16BF579 aixtools.expat.22.214.171.124.aix537.I
B02E903AEFC08FD28609DFF4B3F4B275 aixtools.expat.126.96.36.199.aix537.I