Expat 2.2.8 with security fixes has been released
September 14, 2019
Submitted by Sebastian Pipping.
Expat 2.2.8 was released yesterday. This release fixes a security issue (CVE-2019-15903, a heap buffer over-read reported by Joonun Jang that results in denial of service), starts using the rand_s function on Windows and MinGW (ending the previous LoadLibrary hack), includes non-security bug fixes, many build system fixes and improvements, improvements to xmlwf usability, and more.
For more details regarding the latest release, please check out the changelog.
If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.2.8. Thank you!
This article first appeared at blog.hartwork.org.