Bug#1002994: expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts)

Hi Laszlo, Thank you so much! Regards, Carlos Rodriguez-Fernandez Principal Software Engineer www.healthtrio.com > On Mar 8, 2022, at 9:37 AM, László Böszörményi (GCS) wrote: > > Hi Carlos, > > On Tue, Mar 8, 2022 at 4:51 PM Carlos Rodriguez > wrote: >> I see t

Bug#1002994: expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts)

ity-tracker.debian.org/tracker/CVE-2021-45960, in the versions 2.2.0-2+deb9u5, 2.2.6-2+deb10u3 and 2.2.10-2+deb11u2. I’m having a hard time seeing how the fix was ported to earlier versions of expat. Could you please point me to where those fixes were ported? Thank you, Carlos Rodriguez-Fernandez Princi