FEDORA-2019-672ae0f060 created by jorton 10 months ago for Fedora 29
stable

This update of expat fixes the following security issue:

  • CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype

The following bug fixes are also included:

  • Fix cases where XML_StopParser did not have any effect when called from inside of an end element handler
  • xmlwf: Fix exit code for operation without "-d DIRECTORY"; previously, only "-d DIRECTORY" would give you a proper exit code

How to install

sudo dnf upgrade --advisory=FEDORA-2019-672ae0f060

This update has been submitted for testing by jorton.

10 months ago

This update's test gating status has been changed to 'waiting'.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago

jorton edited this update.

10 months ago

jorton edited this update.

10 months ago

jorton edited this update.

10 months ago

pwalter commented & provided feedback 10 months ago

Works

jorton edited this update.

10 months ago

jorton edited this update.

10 months ago

This update can be pushed to stable now if the maintainer wishes

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update has been pushed to stable.

9 months ago


Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
10 months ago
in testing
10 months ago
in stable
9 months ago
modified
10 months ago
BZ#1752592 CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
BZ#1752596 CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input [fedora-all]
