[SECURITY] Fedora 38 Update: tinyxml-2.6.2-28.fc38

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-c9dc0ac419 2024-01-12 00:59:08.472906 -------------------------------------------------------------------------------- Name : tinyxml Product : Fedora 38 Version : 2.6.2 Release : 28.fc38 URL : http://www.grinninglizard.com/tinyxml/ Summary : A simple, small, C++ XML parser Description : TinyXML is a simple, small, C++ XML parser that can be easily integrating into other programs. Have you ever found yourself writing a text file parser every time you needed to save human readable data or serialize objects? TinyXML solves the text I/O file once and for all. (Or, as a friend said, ends the Just Another Text File Parser problem.) -------------------------------------------------------------------------------- Update Information: Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51). -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 3 2024 Dominik Mierzejewski <dominik(a)greysector.net&gt; - 2.6.2-28 - apply Debian patch to fix CVE-2021-42260 (rhbz#2253716, rhbz#2253718) - apply Debian patch to fix CVE-2023-34194 and its duplicate, CVE-2023-40462 (rhbz#2254376, rhbz#2254381) - fix incorrect text element encoding (upstream isssue #51) - compile and run tests * Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 2.6.2-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2253716 - CVE-2021-42260 tinyxml: infinite loop causes crash https://bugzilla.redhat.com/show_bug.cgi?id=2253716 [ 2 ] Bug #2254376 - CVE-2023-34194 tinyxml: reachable assertion may lead to denial of service https://bugzilla.redhat.com/show_bug.cgi?id=2254376 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c9dc0ac419' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------