blob: c38a334540960a5ee2a8f90341a69a09b5ac539c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From cdead241d4f1136c2f38d1b28e95073c59753d30 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Thu, 26 Oct 2023 01:40:05 +0200
Subject: [PATCH] doc/reference.html: Clarify effect of XML_DTD on external
entities
Defining XML_DTD emnables support for external parameter(!)
entities. External general(!) entities have been supported
even with XML_DTD undefined. (Only now with Expat 2.6.0
defining XML_GE as 0 can take that away.)
CVE: CVE-2023-52426
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/cdead241d4f1136c2f38d1b28e95073c59753d30]
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
doc/reference.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/reference.html b/doc/reference.html
index 8b0d47d..a30e462 100644
--- a/doc/reference.html
+++ b/doc/reference.html
@@ -365,7 +365,7 @@ this is defined, default attribute values from an external DTD subset
are reported and attribute value normalization occurs based on the
type of attributes defined in the external subset. Without
this, Expat has a smaller memory footprint and can be faster, but will
-not load external entities or process conditional sections. If defined, makes
+not load external parameter entities or process conditional sections. If defined, makes
the functions <code><a
href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">
XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code>
--
2.40.0
|
