code.ossystems Code Review - openembedded-core.git/commit
expat: fix CVE-2013-0340
author: Jasper Orschulko <jasper@fancydomain.eu>
Wed, 16 Jun 2021 17:16:40 +0000 (19:16 +0200)
committer: Steve Sakoman <steve@sakoman.com>
Sun, 27 Jun 2021 19:24:23 +0000 (09:24 -1000)
commit: b0b843797321360693172c57f2400b9c56ca51cf
tree: c678659dbbae14ccca27409134838256150f3ee7
parent: 6af101983c5e7e9d0d000f9fe64b9bd40792bbc9

expat < 4.0 is vulnerable to billion laughs attacks (see
[https://github.com/libexpat/libexpat/issues/34]). This patch backports
the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.

Additionally, the SRC_URI had to be adjusted due to renaming of the
source archive.

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2013-0340.patch [new file with mode: 0644]
meta/recipes-core/expat/expat/libtool-tag.patch
meta/recipes-core/expat/expat_2.2.9.bb