[cmake-developers] [CMake 0016095]: Latest CMake bundles insecure copy of Expat
Mantis Bug Tracker
mantis at public.kitware.com
Thu May 5 12:36:13 EDT 2016
The following issue has been SUBMITTED.
======================================================================
https://public.kitware.com/Bug/view.php?id=16095
======================================================================
Reported By: Sebastian Pipping
Assigned To:
======================================================================
Project: CMake
Issue ID: 16095
Category: CMake
Reproducibility: always
Severity: major
Priority: normal
Status: new
======================================================================
Date Submitted: 2016-05-05 12:36 EDT
Last Modified: 2016-05-05 12:36 EDT
======================================================================
Summary: Latest CMake bundles insecure copy of Expat
Description:
I found that even recent CMake bundles a copy of libexpat in folder
"Utilities/cmexpat" [1] that is 12 years old (version 1.95.2 [2]) and has known
security issues. Due to the auto-detection of Expat at [3], I do not worry about
users of Linux or OS X too much. How about Windows?
Please consider resolving the bundled copy or updating to the latest release of
Expat. Thank you!
Best, Sebastian
[1] https://github.com/Kitware/CMake/tree/1d4ab06a7045edf366c689ba5e29bbc35d08718e/Utilities/cmexpat
[2] https://github.com/Kitware/CMake/blob/1d4ab06a7045edf366c689ba5e29bbc35d08718e/Utilities/cmexpat/expat.h#L732
[3] https://github.com/Kitware/CMake/blob/1d4ab06a7045edf366c689ba5e29bbc35d08718e/CMakeLists.txt#L417
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2016-05-05 12:36 Sebastian Pipping New Issue
======================================================================