Home
last modified time | relevance | path

Searched hist:"54 da5ba9" (Results 1 – 4 of 4) sorted by relevance

/aoo41x/main/expat/prj/
H A Dd.lstdiff 54da5ba9 Wed Jul 05 12:20:58 UTC 2017 Jim Jagielski <jim@apache.org> Merge r1755873, r1800568 from trunk:

#i127069#: bundled expat version 2.1.0 has two vulnerabilities

Upgrade bundled expat to version 2.2.0, which fixes:
CVE-2016-5300
CVE-2012-6702

It is not known whether these can be exploited when expat is used
as part of OpenOffice. All of input files to expat seem to come
from the OpenOffice source.

One patch is needed to the expat source, without which saxparser
crashes during the build. It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>. It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.



#i127461#: Update bundled expat to version 2.2.1

Version 2.2.0 that is bundled in trunk has vulnerabilities CVE-2017-9233
and CVE-2016-9063 and other potential problems. It is not known whether
these impact OpenOffice.

The patch for <https://sourceforge.net/p/expat/bugs/539/> is included so
we no longer need a local patch for that. We do need a new patch to
work around the lack of <stdint.h> in MS Visual Studio 9.0.


Submitted by: truckman
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO414@1800869 13f79535-47bb-0310-9956-ffa450edef68
/aoo41x/main/expat/
H A Dmakefile.mkdiff 54da5ba9 Wed Jul 05 12:20:58 UTC 2017 Jim Jagielski <jim@apache.org> Merge r1755873, r1800568 from trunk:

#i127069#: bundled expat version 2.1.0 has two vulnerabilities

Upgrade bundled expat to version 2.2.0, which fixes:
CVE-2016-5300
CVE-2012-6702

It is not known whether these can be exploited when expat is used
as part of OpenOffice. All of input files to expat seem to come
from the OpenOffice source.

One patch is needed to the expat source, without which saxparser
crashes during the build. It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>. It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.



#i127461#: Update bundled expat to version 2.2.1

Version 2.2.0 that is bundled in trunk has vulnerabilities CVE-2017-9233
and CVE-2016-9063 and other potential problems. It is not known whether
these impact OpenOffice.

The patch for <https://sourceforge.net/p/expat/bugs/539/> is included so
we no longer need a local patch for that. We do need a new patch to
work around the lack of <stdint.h> in MS Visual Studio 9.0.


Submitted by: truckman
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO414@1800869 13f79535-47bb-0310-9956-ffa450edef68
/aoo41x/main/
H A DLICENSEdiff 54da5ba9 Wed Jul 05 12:20:58 UTC 2017 Jim Jagielski <jim@apache.org> Merge r1755873, r1800568 from trunk:

#i127069#: bundled expat version 2.1.0 has two vulnerabilities

Upgrade bundled expat to version 2.2.0, which fixes:
CVE-2016-5300
CVE-2012-6702

It is not known whether these can be exploited when expat is used
as part of OpenOffice. All of input files to expat seem to come
from the OpenOffice source.

One patch is needed to the expat source, without which saxparser
crashes during the build. It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>. It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.



#i127461#: Update bundled expat to version 2.2.1

Version 2.2.0 that is bundled in trunk has vulnerabilities CVE-2017-9233
and CVE-2016-9063 and other potential problems. It is not known whether
these impact OpenOffice.

The patch for <https://sourceforge.net/p/expat/bugs/539/> is included so
we no longer need a local patch for that. We do need a new patch to
work around the lack of <stdint.h> in MS Visual Studio 9.0.


Submitted by: truckman
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO414@1800869 13f79535-47bb-0310-9956-ffa450edef68
H A Dexternal_deps.lstdiff 54da5ba9 Wed Jul 05 12:20:58 UTC 2017 Jim Jagielski <jim@apache.org> Merge r1755873, r1800568 from trunk:

#i127069#: bundled expat version 2.1.0 has two vulnerabilities

Upgrade bundled expat to version 2.2.0, which fixes:
CVE-2016-5300
CVE-2012-6702

It is not known whether these can be exploited when expat is used
as part of OpenOffice. All of input files to expat seem to come
from the OpenOffice source.

One patch is needed to the expat source, without which saxparser
crashes during the build. It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>. It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.



#i127461#: Update bundled expat to version 2.2.1

Version 2.2.0 that is bundled in trunk has vulnerabilities CVE-2017-9233
and CVE-2016-9063 and other potential problems. It is not known whether
these impact OpenOffice.

The patch for <https://sourceforge.net/p/expat/bugs/539/> is included so
we no longer need a local patch for that. We do need a new patch to
work around the lack of <stdint.h> in MS Visual Studio 9.0.


Submitted by: truckman
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO414@1800869 13f79535-47bb-0310-9956-ffa450edef68

Completed in 50 milliseconds