On 3/15/24 09:57, Alan Coopersmith wrote:
https://blog.hartwork.org/posts/expat-2-6-2-released/ (published 2024-03-13)
announces the release of Expat 2.6.2, with security fixes:
[...]
The blog also points to the call for help maintaining libexpat in the Changelog
at https://github.com/libexpat
Hello,
A vulnerability (CVE-2024-8176) has been fixed in expat, a widely used
XML parser library:
https://blog.hartwork.org/posts/expat-2-7-0-released/
Info about the vuln has been posted here already. expat 2.7.0 fixes
multiple variations of stack overflows due to recursion and can be
triggered b
On 2025-03-13 16:50, Vulnerability Disclosure wrote:
In the following change
+if ( FT_QNEW_ARRAY( outline.points, limit + 4 ) ||
+ FT_QNEW_ARRAY( outline.tags, limit ) ||
+ FT_QNEW_ARRAY( outline.contours, limit ) ||
+ FT_QNEW_ARRAY( unrounded,
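Review bot: the array sizes in this allocation chain are not uniform: outline.points is allocated with limit + 4 entries, while outline.tags and outline.contours get only limit. If any later code indexes tags in step with points for the extra 4 entries, tags is undersized, so either size it the same way or add a comment stating why the extra entries never need a tag. The size argument for unrounded is cut off in this excerpt and should be checked against the same reasoning.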
Hi Michel,
On 2025-03-13 22:54, Michel Lind wrote:
The fixes I'm working with both the Meta security folks and the EL
community (CentOS / AlmaLinux) can be tracked
here https://gitlab.com/redhat/centos-stream/rpms/freetype/-/merge_requests/8/diffs
I think if you're removing the 4 "phantom poin
On Fri, Mar 14, 2025, at 7:55 AM, Marc Deslauriers wrote:
> Hi Michel,
>
> On 2025-03-13 22:54, Michel Lind wrote:
>>
>> The fixes I'm working with both the Meta security folks and the EL
>> community (CentOS / AlmaLinux) can be tracked
>> here https://gitlab.com/redhat/centos-stream/rpms/freety