]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 88c0290) | patch
expat: fix CVE-2022-23990
authorSteve Sakoman <steve@sakoman.com>
Mon, 7 Feb 2022 15:20:24 +0000 (05:20 -1000)
committerSteve Sakoman <steve@sakoman.com>
Wed, 9 Feb 2022 14:42:37 +0000 (04:42 -1000)
commit6a0c9607656970c669ff12cdafd39f4fb7082f6c
treecbc924a3f48e68fd0dda5aaab184ac3d737fe6actree | snapshot
parent88c0290520c9e4982d25c20e783bd91eec016b52commit | diff
expat: fix CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the
doProlog function.

Backport patch from:

https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1

CVE: CVE-2021-23990
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-23990.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | history
Mirror of the official openembedded-core repository