code.ossystems Code Review - openembedded-core.git/commit
expat: fix CVE-2022-25235
author Steve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:15:13 +0000 (05:15 -1000)
committer Steve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:37:24 +0000 (05:37 -1000)
commit 27ab07b1e8caa5c85526eee4a7a3ad0d73326866
tree 7d24b75be5c39845f8e7ad13814af23ab9247350
parent e4d15040f62744265b9236ad7276f3371a9172da
expat: fix CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.

Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits

CVE: CVE-2022-25235

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-25235.patch [new file with mode: 0644]
meta/recipes-core/expat/expat_2.2.9.bb