Changelog for
expat-static-2.5.0-2.el9_4.x86_64.rpm :
* Tue Feb 13 2024 Tomas Korbar
- 2.5.0-2- Fix parsing of large tokens- Reject direct parameter entity recursion- Resolves: RHEL-29699- Resolves: RHEL-29696
* Thu Nov 10 2022 Tomas Korbar - 2.5.0-1- Rebase to version 2.5.0- Resolves: CVE-2022-43680
* Thu Sep 29 2022 Tomas Korbar - 2.4.9-1- Rebase to version 2.4.9- Resolves: CVE-2022-40674
* Tue Apr 26 2022 Tomas Korbar - 2.4.7-1- Rebase to version 2.4.7- Resolves: rhbz#2067201- Resolves: CVE-2022-25313- Resolves: CVE-2022-25314- Resolves: CVE-2022-25236
* Mon Mar 14 2022 Tomas Korbar - 2.2.10-11- Improve fix for CVE-2022-25236- Related: CVE-2022-25236
* Mon Feb 28 2022 Tomas Korbar - 2.2.10-10- Fix multiple CVEs- CVE-2022-25236 expat: namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution- CVE-2022-25315 expat: integer overflow in storeRawNames()- Resolves: CVE-2022-25236- Resolves: CVE-2022-25235- Resolves: CVE-2022-25315