Overview

File _patchinfo of Package patchinfo.43408

<patchinfo incident="43408">
  <!--generated with prepare-update from request 404549-->
  <issue tracker="bnc" id="1259711">VUL-0: CVE-2026-32777: expat: libexpat: denial of service due to infinite loop in DTD content parsing</issue>
  <issue tracker="bnc" id="1259726">VUL-0: CVE-2026-32776: expat: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value</issue>
  <issue tracker="bnc" id="1259729">VUL-0: CVE-2026-32778: expat: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition</issue>
  <issue tracker="cve" id="2026-32776"/>
  <issue tracker="cve" id="2026-32777"/>
  <issue tracker="cve" id="2026-32778"/>
  <category>security</category>
  <rating>important</rating>
  <packager>david.anes</packager>
  <summary>Security update for expat</summary>
  <description>This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places