Changes: Mention use of high quality entropy sources

2025-04-13 08:02:56 +00:00 · 2017-05-25 19:28:15 +02:00 · 2017-05-25 19:28:15 +02:00 · ba1fc202c1
commit ba1fc202c1
parent 04ad658bd3
1 changed files with 5 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -2,6 +2,11 @@ Release ??????????
        Security fixes:
                  CVE-2016-9063 -- Detect integer overflow
             #25  More integer overflow detection (function poolGrow)
+                  Use high quality entropy for hash initialization:
+                    * arc4random_buf on BSD, systems with libbsd, CloudABI
+                    * RtlGenRandom on Windows XP / Server 2003 and later
+                    * getrandom on glic 2.25+ Linux 3.17+
+                  In a way, that's still part of CVE-2016-5300.

        Bug fixes:
            #539  Fix regression from fix to CVE-2016-0718 cutting off