CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Update (lib)expat to 2.2.3
Remove poor entropy hack, 2.2.3 uses /dev/urandom in worst case
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Expat release 2.2.2 requires support for either syscall(SYS_getrandom) which
is available on Linux 3.17 or support for getrandom() which is only available
in glibc 2.25 or later.
Since some of our builders still run on Linux 3.16, we need to forcibly
disable the use of getrandom() for the host builds.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Updates expat to 2.2.0
Fixes several CVEs:
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
CVE-2012-6702
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>