This update includes a fix for a security vulnerability, CVE-2018-20843:
Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-139fcda84d
Please login to add feedback.
This update has been submitted for testing by jorton.
This update test gating status has been changed to 'waiting'.
This update test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
jorton edited this update.
This update has been submitted for stable by jorton.
This update has been pushed to stable.