Windows: Update Expat to 2.2.3 to fix DLL hijacking (CVE-2017-11742)

hartwork commented 6 years ago

Hi!

You seem target Windows and bundle Expat 2.2.2. Please update your bundle to Expat 2.2.3 to fix vulnerability CVE-2017-11742.

Thanks!

VictorVG commented 6 years ago

Dir ./Far3 have archive FarNetBox-2.4.4_Far3_x64.7z & FarNetBox-2.4.4_Far3_x86.7z - is NetBox v2.4.4.521 builded VC++2010/CMake 3.9.0. 32-bit for WinXP SP3 / 64-bit for Vista or never OS.

NetBox 2.4.4.521 03.08.2017

Issue #249: Update expat sources to 2.2.3

Issue #247: bug when session is opened by Ctrl-PgDown

Issue #246: SCP: check unusual listing format (https://github.com/michaellukashov/Far-NetBox/issues/246)

FTP: use QUIT to disconnect from server

Fix AV after reopen connection

Please check it.

hartwork commented 6 years ago

Thanks for making a new release! I'm afraid I cannot help with testing on Windows myself.

VictorVG commented 6 years ago

Well, what I could, I checked it myself, the rest of the people will help.

VictorVG commented 6 years ago

Fixed

michaellukashov / Far-NetBox

Windows: Update Expat to 2.2.3 to fix DLL hijacking (CVE-2017-11742) #249

NetBox 2.4.4.521 03.08.2017