Updated expat packages fix security vulnerability
Publication date: 03 Feb 2022Modification date: 03 Feb 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-23852 , CVE-2022-23990
Description
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)
References
SRPMS
8/core
- expat-2.2.10-1.2.mga8