author | Don Lewis <truckman@apache.org> | 2016-08-10 21:29:48 +0000 |
---|---|---|
committer | Don Lewis <truckman@apache.org> | 2016-08-10 21:29:48 +0000 |
commit | 031996fd39f6be771c772e5063225e8f61927719 (patch) | |
tree | 3d241f744ddc8a3ddf6148800677cfa0eefab8af /external_deps.lst | |
parent | b321c22559285400563ebd4200c6c913545f69c7 (diff) |
#i127069#: bundled expat version 2.1.0 has two vulnerabilities
Upgrade bundled expat to version 2.2.0, which fixes:
CVE-2016-5300
CVE-2012-6702
It is not known whether these can be exploited when expat is used
as part of OpenOffice. All of the input files to expat seem to come
from the OpenOffice source.
One patch is needed to the expat source, without which saxparser
crashes during the build. It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>. It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.
Notes:
prefer: 4c28c8051ac99bd2a39ad06af35d87c2ddf2677e
Diffstat (limited to 'external_deps.lst')
-rw-r--r-- | external_deps.lst | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/external_deps.lst b/external_deps.lst index 822a0c92bd98..9963349e322e 100644 --- a/external_deps.lst +++ b/external_deps.lst @@ -221,9 +221,9 @@ if (SYSTEM_VIGRA != YES) URL2 = $(OOO_EXTRAS)$(MD5)-$(name) if (SYSTEM_EXPAT != YES) - MD5 = dd7dab7a5fea97d2a6a43f511449b7cd - name = expat-2.1.0.tar.gz - URL1 = http://sourceforge.net/projects/expat/files/expat/2.1.0/expat-2.1.0.tar.gz/download + MD5 = 2f47841c829facb346eb6e3fab5212e2 + name = expat-2.2.0.tar.bz2 + URL1 = http://downloads.sourceforge.net/project/expat/expat/2.2.0/expat-2.2.0.tar.bz2 URL2 = $(OOO_EXTRAS)$(MD5)-$(name) if (SYSTEM_CURL != YES) |
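Review bot: the new URL1 line fetches expat-2.2.0.tar.bz2 over plain http, and the only integrity check on the tarball is the MD5 value on the line above it. For a security-motivated upgrade, MD5 is a weak anchor because it is not collision resistant, so consider an https URL and, if the external_deps.lst format allows one, a stronger digest next to the MD5. Two further things to confirm, since this view is limited to external_deps.lst: the URL2 fallback expands to $(OOO_EXTRAS)$(MD5)-$(name), so the mirror needs a copy stored under the new MD5 and name before the primary download ever fails; and the archive changes from .tar.gz to .tar.bz2, so the expat module's unpack step and the source patch mentioned in the commit message must reference the new file name and format.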