expat-2.1.0-15.0.1.el7.AXS7

This is expat, the C library for parsing XML, written by James Clark. Expat is a
stream oriented XML parser. This means that you register handlers with the
parser prior to starting the parse. These handlers are called when the parser
discovers the associated structures in the document being parsed. A start tag is
an example of the kind of structures for which you may register handlers.

Security Fix(es):

* CVE-2024-45490: Reject negative length for XML_ParseBuffer in xmlparse.c
* CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms
* CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit
platforms

CVE(s):
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).