Fedora alert FEDORA-2026-b7182d65b7 (perl-XML-Parser)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: perl-XML-Parser-2.51-1.fc43 | |
| Date: | Sat, 28 Mar 2026 00:46:47 +0000 | |
| Message-ID: | <20260328004647.3E32A6AFD3@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b7182d65b7 2026-03-28 00:45:01.878099+00:00 -------------------------------------------------------------------------------- Name : perl-XML-Parser Product : Fedora 43 Version : 2.51 Release : 1.fc43 URL : https://metacpan.org/release/XML-Parser Summary : Perl module for parsing XML documents Description : This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time. -------------------------------------------------------------------------------- Update Information: 2.51 bump - Fix CVE-2006-10002, CVE-2006-10003 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2026 Jitka Plesnikova <jplesnik@redhat.com> - 2.51-1 - 2.51 bump (rhbz#2448965) - Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448965 - perl-XML-Parser-2.51 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448965 [ 2 ] Bug #2449269 - CVE-2006-10002 perl-XML-Parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449269 [ 3 ] Bug #2449278 - CVE-2006-10003 perl-XML-Parser: XML::Parser: Memory corruption via deeply nested XML files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449278 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b7182d65b7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new