Need to update to latest libexpat 2.2.1
Issue description: It has security fixes.
Jun 22 2017
Setting Medium severity as per ChangeLog: https://github.com/libexpat/libexpat/blob/master/expat/Changes The security issues fixed in that release don't seem to be too dangerous, but everything is public, so Medium looks good to me. Feel free to change if you disagree.
Jul 6 2017
dominicc: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 6 2017
@dominicc I can handle this issue next week if you do not have time.
Jul 11 2017
Go for it!
Jul 25 2017
dominicc: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 3 2017
Is there any update here? Expat is now at version 2.2.3, with more fixes:

==========
Hi!

Just a quick note that Expat 2.2.3 has been released. For Windows users, it fixes DLL hijacking (CVE-2017-11742 [1]). On Linux, extracting entropy for Hash DoS protection no longer blocks, which affected D-Bus and systems that are low on entropy early in the boot process.

For more details, please check the change log [2].

Best

Sebastian

[1] https://www.cvedetails.com/cve/CVE-2017-11742/
[2] https://github.com/libexpat/libexpat/blob/master/expat/Changes
Aug 7 2017
I'm back from vacation! qingchengl, did this get rolled?
Aug 10 2017
Haven't heard from qingchengl, taking a look myself.
Aug 10 2017
Aug 23 2017
There is Expat 2.2.4 now with a major bugfix regarding UTF-8 files that you may want as well. On the patches I have seen in Gerrit, it would be cool if those were made pull requests on GitHub for discussion upstream.
Aug 25 2017
Aug 28 2017
Issue 758591 has been merged into this issue.
Sep 6 2017
Sep 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6b772b360ccbb922faf5294227a8869aebceed13

commit 6b772b360ccbb922faf5294227a8869aebceed13
Author: Dominic Cooney <dominicc@chromium.org>
Date: Wed Sep 20 04:02:12 2017

Roll libexpat to 2.2.3

Bug: 735752
Change-Id: Ic4b85154f2183b4735b03dad03061f233d84be7a
Reviewed-on: https://chromium-review.googlesource.com/608988
Reviewed-by: Nick Carter <nick@chromium.org>
Commit-Queue: Dominic Cooney <dominicc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503040}

[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/0001-Expat-external-symbol-visibility.patch
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/0002-Do-not-redefine-lean-and-mean.patch
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/0003-Add-missing-include-for-malloc-free.patch
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/0004-Remove-truncating-cast-of-constant.patch
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/BUILD.gn
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/README.chromium
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/AUTHORS
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/COPYING
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/Changes
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/MANIFEST
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/README
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/README.md
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/amigaconfig.h
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/expat.h
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/expat_config.h
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/expat_external.h
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/expat_external.h.original
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/libexpat.def
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/libexpatw.def
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/loadlibrary.c
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/macconfig.h
[add] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/siphash.h
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/winconfig.h
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/winconfig.h.original
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/xmlparse.c
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/xmlparse.c.original
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/xmlrole.c
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/xmltok.c
[delete] https://crrev.com/f7bf39bae5c77ae3e18c1b5273c0efd6eca17b2b/third_party/expat/files/lib/xmltok.c.origin
[modify] https://crrev.com/6b772b360ccbb922faf5294227a8869aebceed13/third_party/expat/files/lib/xmltok_impl.c
Sep 25 2017
Oct 16 2017
Dec 4 2017
Comment 1 by palmer@chromium.org, Jun 22 2017