code.ossystems Code Review - openembedded-core.git/commit
expat: fix CVE-2021-46143
author Steve Sakoman <steve@sakoman.com>
Wed, 19 Jan 2022 14:59:07 +0000 (04:59 -1000)
committer Anuj Mittal <anuj.mittal@intel.com>
Wed, 26 Jan 2022 03:40:00 +0000 (11:40 +0800)
commit babe185972eb71058762ca20c349ba2651d0f73d
tree cf9b31708b2fcd3fc663d919f7aaa195bdc00080
parent 8d475823acf95d81596c1c125bc7dd4d0e0f5f1c
expat: fix CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an
integer overflow exists for m_groupSize.

Backport patch from:
https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b

CVE: CVE-2021-46143
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 41a65d27e4ecdc11977e2944d8af2f51c48f32ec)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-core/expat/expat/CVE-2021-46143.patch [new file with mode: 0644]
meta/recipes-core/expat/expat_2.2.10.bb