Overview

File _patchinfo of Package patchinfo.22630

<patchinfo incident="22630">
  <issue tracker="bnc" id="1195054">VUL-0: CVE-2022-23852: expat: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.</issue>
  <issue tracker="bnc" id="1195217">VUL-1: CVE-2022-23990: expat: integer overflow in the doProlog function</issue>
  <issue tracker="cve" id="2022-23852"/>
  <issue tracker="cve" id="2022-23990"/>
  <packager>david.anes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for expat</summary>
  <description>This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places