code.ossystems Code Review - openembedded-core.git/commit
libxml2: Fix CVE-2017-9049 and CVE-2017-9050
author Andrej Valek <andrej.valek@siemens.com>
Wed, 14 Jun 2017 12:58:47 +0000 (14:58 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 27 Jul 2017 21:34:37 +0000 (22:34 +0100)
commit a409c50a09b12caa434b2b06bdcfb6beba43f67f
tree 8009505a38051da10080f93b0514bd26af59f821
parent d549b8f3836b2ffda5c59a7ae4d955846c558646
libxml2: Fix CVE-2017-9049 and CVE-2017-9050

Fix handling of parameter-entity references

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Fixes bug 781205 and bug 781361

CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch [new file with mode: 0644]
meta/recipes-core/libxml/libxml2_2.9.4.bb