Merge branch 'trunk' of git.linuxfromscratch.org:lfs into trunk

author: Bruce Dubbs <bdubbs@linuxfromscratch.org> 2022-02-25 14:58:29 -0600
committer: Bruce Dubbs <bdubbs@linuxfromscratch.org> 2022-02-25 14:58:29 -0600
commit: cbd0a9a98e1fc17cf652b6db5fa223fe5b3043fa (patch)
tree: fcfc69ca2c88c1d69dc2418ef2d08fc0022c2cf6 /chapter03/packages.xml
parent: 7b270d9a69e4f9b4e08c1363cc74d733fa4ddaf8 (diff)
parent: b0a6b0cedba1c78a27a8e3affc079673953c3901 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/chapter03/packages.xml b/chapter03/packages.xml
index 171daec75..67adc3e31 100644
--- a/chapter03/packages.xml
+++ b/chapter03/packages.xml
@@ -173,6 +173,15 @@
         <para>Home page: <ulink url="&expat-home;"/></para>
         <para>Download: <ulink url="&expat-url;"/></para>
         <para>MD5 sum: <literal>&expat-md5;</literal></para>
+        <note>
+          <para>The upstream may remove tarballs of the specific releases of
+          <application>Expat</application> when these releases contain a
+          security vulnerability.  You should refer to
+          <ulink url='&lfs-root;lfs/advisories/'>LFS security advisories</ulink>
+          to figure out which version (with the vulnerability fixed) should
+          be used.  You may download the vulnerable version from a mirror,
+          but it's not recommended.</para>
+        </note>
       </listitem>
     </varlistentry>
author	Bruce Dubbs <bdubbs@linuxfromscratch.org>	2022-02-25 14:58:29 -0600
committer	Bruce Dubbs <bdubbs@linuxfromscratch.org>	2022-02-25 14:58:29 -0600
commit	cbd0a9a98e1fc17cf652b6db5fa223fe5b3043fa (patch)
tree	fcfc69ca2c88c1d69dc2418ef2d08fc0022c2cf6 /chapter03/packages.xml
parent	7b270d9a69e4f9b4e08c1363cc74d733fa4ddaf8 (diff)
parent	b0a6b0cedba1c78a27a8e3affc079673953c3901 (diff)