]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 8105700) | patch
expat: fix CVE-2022-25314
authorSteve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 15:52:10 +0000 (05:52 -1000)
committerSteve Sakoman <steve@sakoman.com>
Thu, 3 Mar 2022 17:43:07 +0000 (07:43 -1000)
commitb92c33285c5f886c95a3734e61007b522b62a71f
tree25cf4f20f0260314ac912ba394e6af501c681a02tree | snapshot
parent8105700b1d6d23c87332f453bdc7379999bb4b03commit | diff
expat: fix CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.

Backport patch from:
https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd

CVE: CVE-2022-25314

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-25314.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | history
Mirror of the official openembedded-core repository