CVE-2017-9233
Published: 2017-07-25
Priority: P3 · 35 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.22% (44.4th percentile)
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | macos_high_sierra | — | — |
| apple | tvos | — | — |
| apple | watchos_4 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.2.1-1 (bookworm) | expat 2.2.1-1 (bookworm) |
| debian | libxmltok | < expat 2.2.1-1 (bookworm) | expat 2.2.1-1 (bookworm) |
| libexpat_project | libexpat | <= 2.2.0 | — |
| python | python | >= 2.7.0 < 2.7.15 | 2.7.15 |
| python | python | >= 3.3.0 < 3.3.7 | 3.3.7 |
| python | python | >= 3.4.0 < 3.4.7 | 3.4.7 |
| python | python | >= 3.5.0 < 3.5.4 | 3.5.4 |
| python | python | >= 3.6.0 < 3.6.2 | 3.6.2 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 7.5 HIGH
Ubuntu
Coin3D vulnerability
vendor_ubuntu·2021-03-15
CVE-2017-9233 Coin3D vulnerability
Title: Coin3D vulnerability
Summary: Coin3D could be made to crash if it received specially crafted
input.
USN-3356-1 fixed a vulnerability in Expat. This update provides
the corresponding update for Coin3D for Ubuntu 14.04 ESM and
Ubuntu 16.04 ESM.
Instructions: In general, a standard system update will make all the necessary changes.
Apple
CVE-2017-9049: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 7.5
CVE-2017-9049 [HIGH] CVE-2017-9049: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2017-9049
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2018-4302: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 7.5
CVE-2018-4302 [HIGH] CVE-2018-4302: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2018-4302
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2017-5130: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 8.8
CVE-2017-5130 [HIGH] CVE-2017-5130: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2017-5130
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2017-9233: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2017-9233
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2017-9050: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 7.5
CVE-2017-9050 [HIGH] CVE-2017-9050: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2017-9050
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2017-7376: macOS High Sierra 10.13
vendor_apple·2017-09-25·CVSS 9.8
CVE-2017-7376 [CRITICAL] CVE-2017-7376: macOS High Sierra 10.13
Apple Security Update: About the security content of macOS High Sierra 10.13
Product: macOS High Sierra
Version: 10.13
CVE: CVE-2017-7376
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
Apple
CVE-2017-9049: iOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9049 [HIGH] CVE-2017-9049: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-9049
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2017-9050: iOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9050 [HIGH] CVE-2017-9050: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-9050
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2017-5130: tvOS 11
vendor_apple·2017-09-19·CVSS 8.8
CVE-2017-5130 [HIGH] CVE-2017-5130: tvOS 11
Apple Security Update: About the security content of tvOS 11
Product: tvOS
Version: 11
CVE: CVE-2017-5130
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-9050: tvOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9050 [HIGH] CVE-2017-9050: tvOS 11
Apple Security Update: About the security content of tvOS 11
Product: tvOS
Version: 11
CVE: CVE-2017-9050
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-7376: watchOS 4
vendor_apple·2017-09-19·CVSS 9.8
CVE-2017-7376 [CRITICAL] CVE-2017-7376: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2017-7376
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-7376: tvOS 11
vendor_apple·2017-09-19·CVSS 9.8
CVE-2017-7376 [CRITICAL] CVE-2017-7376: tvOS 11
Apple Security Update: About the security content of tvOS 11
Product: tvOS
Version: 11
CVE: CVE-2017-7376
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-7376: iOS 11
vendor_apple·2017-09-19·CVSS 9.8
CVE-2017-7376 [CRITICAL] CVE-2017-7376: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7376
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2017-9233: tvOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: tvOS 11
Apple Security Update: About the security content of tvOS 11
Product: tvOS
Version: 11
CVE: CVE-2017-9233
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-9049: watchOS 4
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9049 [HIGH] CVE-2017-9049: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2017-9049
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-9233: watchOS 4
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2017-9233
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-5130: watchOS 4
vendor_apple·2017-09-19·CVSS 8.8
CVE-2017-5130 [HIGH] CVE-2017-5130: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2017-5130
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-5130: iOS 11
vendor_apple·2017-09-19·CVSS 8.8
CVE-2017-5130 [HIGH] CVE-2017-5130: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-5130
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2017-9050: watchOS 4
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9050 [HIGH] CVE-2017-9050: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2017-9050
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2017-9233: iOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-9233
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2017-9049: tvOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2017-9049 [HIGH] CVE-2017-9049: tvOS 11
Apple Security Update: About the security content of tvOS 11
Product: tvOS
Version: 11
CVE: CVE-2017-9049
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2018-4302: watchOS 4
vendor_apple·2017-09-19·CVSS 7.5
CVE-2018-4302 [HIGH] CVE-2018-4302: watchOS 4
Apple Security Update: About the security content of watchOS 4
Product: watchOS 4
CVE: CVE-2018-4302
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apple
CVE-2018-4302: iOS 11
vendor_apple·2017-09-19·CVSS 7.5
CVE-2018-4302 [HIGH] CVE-2018-4302: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2018-4302
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Ubuntu
Expat vulnerability
vendor_ubuntu·2017-07-19
CVE-2017-9233 Expat vulnerability
Title: Expat vulnerability
Summary: Expat could be made to hang if it received specially crafted input.
It was discovered that Expat incorrectly handled certain external entities.
A remote attacker could possibly use this issue to cause Expat to hang,
resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Expat vulnerability
vendor_ubuntu·2017-07-19
CVE-2017-9233 Expat vulnerability
Title: Expat vulnerability
Summary: Expat could be made to hang if it received specially crafted input.
USN-3356-1 fixed a vulnerability in Expat. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Expat incorrectly handled certain external entities.
A remote attacker could possibly use this issue to cause Expat to hang,
resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
expat: Infinite loop due to invalid XML in external entity
vendor_redhat·2017-06-14·CVSS 7.5
CVE-2017-9233 [HIGH] CWE-835 expat: Infinite loop due to invalid XML in external entity
expat: Infinite loop due to invalid XML in external entity
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Mitigation: Do not parse untrusted arbitrary XML data using the expat package.
Package: expat (Red Hat Enterprise Linux 5) - Will not fix
Package: firefox (Red Hat Enterprise Linux 5) - Will not fix
Package: thunderbird (Red Hat Enterprise Linux 5) - Will not fix
Package: xmlrpc-c (Red Hat Enterprise Linux 5) - Will not fix
Package: xulrunner (Red Hat Enterprise Linux 5) - Will not fix
Package: compat-expat1 (Red Hat Enterprise Linux 6) - Will not fix
Package: firefox (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2017-9233: expat - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parse...
vendor_debian·2017·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: expat - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parse...
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Scope: local
bookworm: resolved (fixed in 2.2.1-1)
bullseye: resolved (fixed in 2.2.1-1)
forky: resolved (fixed in 2.2.1-1)
sid: resolved (fixed in 2.2.1-1)
trixie: resolved (fixed in 2.2.1-1)
GHSA
GHSA-6j8w-m4cc-r7hm: XML External Entity vulnerability in libexpat 2
ghsa_unreviewed·2022-05-13
CVE-2017-9233 [HIGH] CWE-611 GHSA-6j8w-m4cc-r7hm: XML External Entity vulnerability in libexpat 2
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
OSV
CVE-2017-9233: XML External Entity vulnerability in libexpat 2
osv·2017-07-25·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233: XML External Entity vulnerability in libexpat 2
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-9233 expat21: expat: Infinite loop due to invalid XML in external entity [epel-all]
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 expat21: expat: Infinite loop due to invalid XML in external entity [epel-all]
CVE-2017-9233 expat21: expat: Infinite loop due to invalid XML in external entity [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity [fedora-all]
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity [fedora-all]
CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity [fedora-all]
Bugzilla
CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [epel-7]
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [epel-7]
CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [epel-7]
Bugzilla
CVE-2017-9233 compat-expat1: expat: Infinite loop due to invalid XML in external entity [fedora-all]
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 compat-expat1: expat: Infinite loop due to invalid XML in external entity [fedora-all]
CVE-2017-9233 compat-expat1: expat: Infinite loop due to invalid XML in external entity [fedora-all]
Bugzilla
CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity
CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity
An infinite loop vulnerability due to malformed XML in external entity was found in entityValueInitProcessor function affecting versions of Expat 2.2.0 and earlier.
Upstream patch:
https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
External References:
https://libexpat.github.io/doc/cve-2017-9233/
Discussion:
Created compat-expat1 tracking bugs for this issue:
Affects: fedora-all [bug 1462732]
Created expat tracking bugs for this issue:
Affects: fedora-all [bug 1462735]
Created expat21 tracking bugs for this issue:
Affects: epel-all [bug 1462734]
Created mingw-expat tracking bugs for this issue:
Affects: epel-7 [bug 1462731]
Affects: fedora-all [bug 1462733]
---
Mi
Bugzilla
CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [fedora-all]
bugzilla·2017-06-19·CVSS 7.5
CVE-2017-9233 [HIGH] CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [fedora-all]
CVE-2017-9233 mingw-expat: expat: Infinite loop due to invalid XML in external entity [fedora-all]
Bugzilla
Update to Expat 2.2.1
bugzilla·2017-06-18·CVSS 4.3
[MEDIUM] Update to Expat 2.2.1
Update to Expat 2.2.1
Update expat files that live in: parser/expat/lib/
For list of fixed CVEs see:
http://www.openwall.com/lists/oss-security/2017/06/17/7
Discussion:
This fixes some integer overflows, a double free and more. So marking s-s for now.
---
FWIW I've explicitly avoided updating to the latest expat versions as they've tended to introduce more CVEs than they fix. We keep a much trimmed down (and modified) version of 2.0.0 in tree, it would be interesting to see what overlap there is and maybe just cherry-pick changes that are relevant to us.
---
I've started looking over the differences. I'll attach some patches with some no-brainers and then we can decide on the rest.
---
From the release notes:
CVE-2017-9233 External entity infinite loop DoS
Probably affects us, I
http://www.debian.org/security/2017/dsa-3898
http://www.openwall.com/lists/oss-security/2017/06/17/7
http://www.securityfocus.com/bid/99276
http://www.securitytracker.com/id/1039427
https://github.com/libexpat/libexpat/blob/master/expat/Changes
https://libexpat.github.io/doc/cve-2017-9233/
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://support.f5.com/csp/article/K03244804
Published: 2017-07-25