]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 27ab07b) | patch
expat: fix CVE-2022-25236
authorSteve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:31:13 +0000 (05:31 -1000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:37:24 +0000 (05:37 -1000)
commit72ab213c128ef75669447eadcae8219a9f87f941
tree9a676dd64007cce54753822dfdb7bf8349861749tree | snapshot
parent27ab07b1e8caa5c85526eee4a7a3ad0d73326866commit | diff
expat: fix CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.

Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits

CVE: CVE-2022-25236

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-25236.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | history
Mirror of the official openembedded-core repository