textproc/expat2: update to 2.4.3
From [1]:
libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
of the most widely used software libre XML parsers written in C,
precisely C99. It is cross-platform and licensed under the MIT license.
Expat 2.4.3 has been released earlier today. Besides two minor fixes to
the build system, this release is about security fixes. There is a total
of 8 CVEs fixed, all related to fixed-size integer math (integer
overflow and invalid shifts) near memory allocation. Impact is denial of
service, or more.
- CVE-2021-45960
- CVE-2021-46143
- CVE-2022-22822
- CVE-2022-22823
- CVE-2022-22824
- CVE-2022-22825
- CVE-2022-22826
- CVE-2022-22827
For more details, please check out the change log [2].
[1] https://blog.hartwork.org/posts/expat-2-4-3-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
Exp-run by: antoine
PR: 261285
(cherry picked from commit 97d40c6bda0656833e3e16d9364a5dc1b9587200)