]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b92c332) | patch
expat: fix CVE-2022-25315
authorSteve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:59:40 +0000 (05:59 -1000)
committerSteve Sakoman <steve@sakoman.com>
Thu, 3 Mar 2022 17:43:07 +0000 (07:43 -1000)
commit9cb21fd89de99abeeef1dd962e6019943de546a4
treefe2e29dc87398629330382ab29a107f160d6c7f6tree | snapshot
parentb92c33285c5f886c95a3734e61007b522b62a71fcommit | diff
expat: fix CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow
in storeRawNames.

Backport patch from:
https://github.com/libexpat/libexpat/pull/559/commits/eb0362808b4f9f1e2345a0cf203b8cc196d776d9

CVE: CVE-2022-25315

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-25315.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | history
Mirror of the official openembedded-core repository