Upgrade bundled expat to 2.4.4 #3506

@obiltschnig

Description

https://github.com/libexpat/libexpat/releases/tag/R_2_4_4

This release fixes 2 CVEs:

        #550  CVE-2022-23852 -- Fix signed integer overflow
                (undefined behavior) in function XML_GetBuffer
                (that is also called by function XML_Parse internally)
                for when XML_CONTEXT_BYTES is defined to >0 (which is both
                common and default).
                Impact is denial of service or more.
        #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                doProlog triggered by large content in element type
                declarations when there is an element declaration handler
                present (from a prior call to XML_SetElementDeclHandler).
                Impact is denial of service or more.

CHANGELOG
