https://bugzilla.suse.com/show_bug.cgi?id=1232608 https://bugzilla.suse.com/show_bug.cgi?id=1232608#c2 Dave Plater <davejplater@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kv@kott.no-ip.biz --- Comment #2 from Dave Plater <davejplater@gmail.com> --- @kill_it Konstantin this CVE refers to the VST addon, there's no mention of xpat in the audacity sources. find . -iname "*xpat*" ./cmake-proxies/cmake-modules/dependencies/expat.cmake ./vst3sdk-3.7.12_build_20/vstgui4/vstgui/uidescription/expat ./vst3sdk-3.7.12_build_20/vstgui4/vstgui/uidescription/expat/expat.h ./vst3sdk-3.7.12_build_20/vstgui4/vstgui/uidescription/expat/expat_external.h Can you fix it or should we remove it from the build? Either an updated xpat without the vulnerability or a patch should do. -- You are receiving this mail because: You are on the CC list for the bug.