ALT-BU-2024-17572-1
Branch sisyphus_loongarch64 update bulletin.
Package esbuild updated to version 0.24.2-alt1 for branch sisyphus_loongarch64.
Closed bugs
esbuild: too old
Package freedroidrpg updated to version 1.0.0.9.git85156e2-alt1 for branch sisyphus_loongarch64.
Closed bugs
Вышла новая версия freedroidRPG 1.0
Package cjson updated to version 1.7.18-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-01768
Уязвимость функции cJSON_InsertItemInArray библиотеки для обработки JSON файлов на языке С JSON-C, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-07-22
CVE-2023-50471
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
- https://github.com/DaveGamble/cJSON/issues/802
- https://lists.debian.org/debian-lts-announce/2023/12/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO4XCUTY3ZMVW4YBG6DBYVS5NSMNP6JY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSI3LL6ZNKYNM5JKPA5FKZTATL4MPF7V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQOQ7CAOYBNHGAMNOR7ELGLC22HV3ZQV/
- https://github.com/DaveGamble/cJSON/issues/802
- https://lists.debian.org/debian-lts-announce/2023/12/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO4XCUTY3ZMVW4YBG6DBYVS5NSMNP6JY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSI3LL6ZNKYNM5JKPA5FKZTATL4MPF7V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQOQ7CAOYBNHGAMNOR7ELGLC22HV3ZQV/
Modified: 2025-07-22
CVE-2023-50472
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
Package evms updated to version 2.5.5-alt85 for branch sisyphus_loongarch64.
Closed bugs
Захардкожен устаревший шифр aes-cbc-essiv:sha256
Package php8.3-pdo_mysql updated to version 8.3.15-alt1 for branch sisyphus_loongarch64.
Closed bugs
Нехватает зависимости на php8.1-mysqlnd
Package expat updated to version 2.6.4-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-01514
Уязвимость библиотеки синтаксического анализатора XML libexpat, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-04334
Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с неправильным ограничением рекурсивных ссылок на объекты в DTD, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-07004
Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с неправильным ограничением ссылки на внешнюю сущность XML, позволяющая нарушителю выполнить произвольный код
BDU:2024-07376
Уязвимость функции nextScaffoldPart() (xmlparse.c) библиотеки для анализа XML-файлов libexpat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2024-07377
Уязвимость функции dtdCopy() (xmlparse.c)библиотеки для анализа XML-файлов libexpat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
- http://www.openwall.com/lists/oss-security/2024/03/20/5
- https://github.com/libexpat/libexpat/pull/789
- https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
- https://security.netapp.com/advisory/ntap-20240614-0003/
- http://www.openwall.com/lists/oss-security/2024/03/20/5
- https://github.com/libexpat/libexpat/pull/789
- https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
- https://security.netapp.com/advisory/ntap-20240614-0003/
Modified: 2025-06-17
CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
- https://cwe.mitre.org/data/definitions/776.html
- https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
- https://github.com/libexpat/libexpat/pull/777
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
- https://security.netapp.com/advisory/ntap-20240307-0005/
- https://cwe.mitre.org/data/definitions/776.html
- https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
- https://github.com/libexpat/libexpat/pull/777
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
- https://security.netapp.com/advisory/ntap-20240307-0005/
Modified: 2025-03-14
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Modified: 2024-11-21
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Modified: 2024-11-21
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).