diff -ur security/vuxml.orig/vuln.xml security/vuxml/vuln.xml --- security/vuxml.orig/vuln.xml 2019-09-16 14:45:32.000000000 +0300 +++ security/vuxml/vuln.xml 2019-09-17 16:49:57.238172000 +0300 @@ -58,6 +58,35 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + expat2 -- Fix extraction of namespace prefixes from XML names + + + expat2 + 2.2.8 + + + + +

expat project reports:

+
+ Fix heap overflow triggered by + XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), + and deny internal entities closing the doctype +
+

+ + + + https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes + + + 2019-09-13 + 2019-09-17 + + + expat2 -- Fix extraction of namespace prefixes from XML names