]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: da94504) | patch
expat: fix CVE-2022-23852
authorSteve Sakoman <steve@sakoman.com>
Mon, 31 Jan 2022 17:08:36 +0000 (07:08 -1000)
committerAnuj Mittal <anuj.mittal@intel.com>
Mon, 7 Feb 2022 03:01:23 +0000 (11:01 +0800)
commit8a50809a0e54c66a8a7aafb1b9bffbec009f8c57
treeebc3a0b6d291cb7aba3749159378af16837f43b9tree | snapshot
parentda945043aef07a77be8d6663d419b5c690997688commit | diff
expat: fix CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
for configurations with a nonzero XML_CONTEXT_BYTES.

Backport patch from:
https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40

CVE: CVE-2022-23852
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit af81bb9d10c0f1e9dcaffc1bbc18ef780eea7127)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-core/expat/expat/CVE-2022-23852.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.10.bb diff | blob | history
Mirror of the official openembedded-core repository