Changes: Document integer overflow CVE-2021-46143

commit: f488b072b75d090f76aa61146ddf743813e9b81b [log] [tgz]
author: Sebastian Pipping <sebastian@pipping.org> Wed Jan 05 18:25:41 2022 +0100
committer: Sebastian Pipping <sebastian@pipping.org> Mon Jan 10 16:51:50 2022 +0100
tree: c197797f03fa6b60c858382ac57801f74c462723
parent: 85ae9a2d7d0e9358f356b33977b842df8ebaec2b [diff]
diff --git a/expat/Changes b/expat/Changes
index 4d4de0b..98d4f53 100644
--- a/expat/Changes
+++ b/expat/Changes

@@ -16,6 +16,10 @@
                     where XML_ParserCreateNS is used to create the parser
                     (which needs argument "-n" when running xmlwf).
                     Impact is denial of service, or more.
+       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
+                    on variable m_groupSize in function doProlog leading
+                    to realloc acting as free.
+                    Impact is denial of service or more.
 
         Other changes:
             #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
@@ -27,11 +31,13 @@
             #536  CI: Check for realistic minimum CMake version
 
         Special thanks to:
+            An anonymous whitehat
             Christopher Degawa
             J. Peter Mugaas
             Tyson Smith
                  and
             GCC Farm Project
+            Trend Micro Zero Day Initiative
 
 Release 2.4.2 Sun December 19 2021
         Other changes:
commit	f488b072b75d090f76aa61146ddf743813e9b81b	[log] [tgz]
author	Sebastian Pipping <sebastian@pipping.org>	Wed Jan 05 18:25:41 2022 +0100
committer	Sebastian Pipping <sebastian@pipping.org>	Mon Jan 10 16:51:50 2022 +0100
tree	c197797f03fa6b60c858382ac57801f74c462723
parent	85ae9a2d7d0e9358f356b33977b842df8ebaec2b [diff]