Message-ID: <81248692-56d1-4312-9813-d347bb6b41b8@oracle.com>
Date: Tue, 17 Mar 2026 14:12:34 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: libexpat 2.7.5 fixes three vulnerabilities (2x
 null deref, 1x infinite loop)

On 3/17/26 13:48, Sebastian Pipping wrote:
> Hello oss-security,
> 
> 
> just a quick note that libexpat 2.7.5 (or "Expat 2.7.5") released
> today is fixing three vulnerabilities.
> 
> Some key links are:
> 
> - The blog post about it:
>    https://blog.hartwork.org/posts/expat-2-7-5-released/

I note the blog post also reminds us:

   "So much for the fixed vulnerabilities. There are also three known unfixed
    security issues remaining in libexpat, and there is a GitHub issue listing
    known unfixed security issues in libexpat for anyone interested."

with a link to https://github.com/libexpat/libexpat/issues/1160 inline.

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris
