by anonymous, 2026-01-15 13:58:25
D 2026-01-15T13:58:25.228
J foundin 0.9.6
J icomment
There have been several CVEs fixed in libexpat (at this time 2.7.3) since the 2.7.1 version that is in tDOM 0.9.6:

https://nvd.nist.gov/vuln/detail/CVE-2025-59375
https://nvd.nist.gov/vuln/detail/CVE-2024-8176

Detail:

    Release 2.7.3 Wed September 24 2025
            Security fixes:
         #1046 #1048  Fix alignment of internal allocations for some non-amd64
                        architectures (e.g. sparc32); fixes up on the fix to
                        CVE-2025-59375 from #1034 (of Expat 2.7.2 and related
                        backports)
               #1059  Fix a class of false positives where input should have been
                        rejected with error XML_ERROR_ASYNC_ENTITY; regression from
                        CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and
                        related backports). Please check the added unit tests for
                        example documents.

    Release 2.7.2 Tue September 16 2025
            Security fixes:
         #1018 #1034  CVE-2025-59375 -- Disallow use of disproportional amounts of
                        dynamic memory from within an Expat parser (e.g. previously
                        a ~250 KiB sized document was able to cause allocation of
                        ~800 MiB from the heap, i.e. an "amplification" of factor
                        ~3,300); once a threshold (that defaults to 64 MiB) is
                        reached, a maximum amplification factor (that defaults to
                        100.0) is enforced, and violating documents are rejected
                        with an out-of-memory error.
                        There are two new API functions to fine-tune this new
                        behavior:
                          - XML_SetAllocTrackerActivationThreshold
                          - XML_SetAllocTrackerMaximumAmplification .
                        If you ever need to increase these defaults for non-attack
                        XML payload, please file a bug report with libexpat.
                          There is also a new environment variable
                        EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity
                        of allocations debugging at runtime, disabled by default.
                          Known impact is (reliable and easy) denial of service:
                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
                        (Base Score: 7.5, Temporal Score: 7.2)
                        Please note that a layer of compression around XML can
                        significantly reduce the minimum attack payload size.
                          Distributors intending to backport (or cherry-pick) the
                        fix need to copy 99% of the related pull request, not just
                        the "lib: Implement tracking of dynamic memory allocations"
                        commit, to not end up with a state that literally does both
                        too much and too little at the same time. Appending ".diff"
                        to the pull request URL could be of help.

Any plan to update to 2.7.3 (or higher) in the next tDOM version to come?
J login anonymous
J mimetype text/x-markdown
J severity Important
J status Open
J title update to expat 2.7.3 to fix CVE-2025-59375 & CVE-2024-8176
J type Feature_Request
K bac53da477d3a4784ac9b4fa014f6a01f7dffdf4
U anonymous
Z e019e845493c748b021fd1a8b7815af7