Overview

File _patchinfo of Package patchinfo.42557

<patchinfo incident="42557">
  <issue tracker="cve" id="2026-25210"/>
  <issue tracker="cve" id="2026-24515"/>
  <issue tracker="bnc" id="1257496">VUL-0: CVE-2026-25210: expat: lack of buffer size check can lead to an integer overflow</issue>
  <issue tracker="bnc" id="1257144">VUL-0: CVE-2026-24515: expat: NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for expat</summary>
  <description>This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places