Changes: Add note on impact of CVE-2022-43680

2026-01-27 01:44:29 +00:00 · 2022-10-25 15:21:40 +02:00 · 2022-10-25 15:21:40 +02:00 · fe8ff0345f
commit fe8ff0345f
parent acbbef9420
1 changed files with 3 additions and 1 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -6,7 +6,9 @@ Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
-                    XML_ExternalEntityParserCreate in out-of-memory situations
+                    XML_ExternalEntityParserCreate in out-of-memory situations.
+                    Expected impact is denial of service or potentially
+                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix curruption from undefined entities