diff -ur security/vuxml.orig/vuln.xml security/vuxml/vuln.xml --- security/vuxml.orig/vuln.xml 2019-06-28 00:05:55.000000000 +0300 +++ security/vuxml/vuln.xml 2019-06-28 16:29:43.686306000 +0300 @@ -58,6 +58,36 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + expat2 -- Fix extraction of namespace prefixes from XML names + + + expat2 + 2.2.7 + + + + +

expat project reports:

+
+

+ XML names with multiple colons could end up in the + wrong namespace, and take a high amount of RAM and CPU + resources while processing, opening the door to + use for denial-of-service attacks +

+
+ +
+ + https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes + + + 2019-06-19 + 2019-06-28 + +
+ PostgreSQL -- Stack-based buffer overflow via setting a password
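Review bot: The topic of the new entry, "expat2 -- Fix extraction of namespace prefixes from XML names", names the upstream fix rather than the flaw. Someone scanning audit output learns more from a topic that states the impact given in the description, for example denial of service via XML names with multiple colons. Two further points on the same hunk. The references block shows only the Changes URL; if a CVE identifier has been assigned to this issue, add it there so the entry can be matched against other advisories. The affected-package list shows only expat2, while the comment in the leading context says "Do not forget port variants", so confirm that no other port packaging expat needs to be listed with the same 2.2.7 bound.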