expat fix CVE-2022-22822 through CVE-2022-22827
xmlparse.c has multiple integer overflows. The involved functions are:
- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)
Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/
9f93e8036e842329863bf20395b8fb8f73834d9e
CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit
3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
