FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat -- multiple vulnerabilities

Affected packages
expat < 2.1.1_1

Details

VuXML ID: c9c252f5-2def-11e6-ae88-002590263bf5
Discovery: 2016-03-18
Entry: 2016-06-09
Modified: 2016-11-06

Sebastian Pipping reports:

CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496)

CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876.

References

CVE Name: CVE-2012-6702
CVE Name: CVE-2016-5300
FreeBSD PR: ports/210155
URL: http://www.openwall.com/lists/oss-security/2016/03/18/3
URL: https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/