]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 01f256b) | patch
expat fix CVE-2022-22822 through CVE-2022-22827
authorSteve Sakoman <steve@sakoman.com>
Wed, 19 Jan 2022 14:33:49 +0000 (04:33 -1000)
committerSteve Sakoman <steve@sakoman.com>
Wed, 19 Jan 2022 14:33:49 +0000 (04:33 -1000)
commit3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd
tree7598f09a98518f55f0eeb288cb4dcc6b1e1adddetree | snapshot
parent01f256bc72fb45c80b6a6c77506bc4c375965a3acommit | diff
expat fix CVE-2022-22822 through CVE-2022-22827

xmlparse.c has multiple integer overflows. The involved functions are:

- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)

Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e

CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-22822-27.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | history
Mirror of the official openembedded-core repository