Download it now!
Bug 99078 - bump expat to 2.1.1
Summary: bump expat to 2.1.1
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
5.2.0.0.alpha0+
Hardware: All All
: medium normal
Assignee: David Tardon
URL:
Whiteboard: target:5.2.0 target:5.1.3
Keywords: security
Depends on:
Blocks: 100807
  Show dependency treegraph
 
Reported: 2016-04-04 11:04 UTC by JoNi
Modified: 2016-10-25 19:02 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description JoNi 2016-04-04 11:04:31 UTC
after a long time expat xml parser got an update
http://expat.sourceforge.net/

mainly fixing overflow
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1283
Comment 1 David Tardon 2016-04-05 07:43:09 UTC
For the record: fixed by commit https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=ac19ed0fed3197af2ed3f07e00185befcb90a8fe .
Comment 2 Commit Notification 2016-04-05 11:28:07 UTC
David Tardon committed a patch related to this issue.
It has been pushed to "libreoffice-5-1":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=5e32c0ef771e0d44b4c747c26724572382f8e863&h=libreoffice-5-1

tdf#99078 upload expat 2.1.1

It will be available in 5.1.3.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.