]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 68b0f3a) | patch
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges
authorAndrej Valek <andrej.valek@siemens.com>
Mon, 12 Dec 2016 13:20:20 +0000 (14:20 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 11 Jan 2017 11:46:53 +0000 (11:46 +0000)
commitcf810d5cc17cb6b9f53d21a404c89afe372accb7
tree019dde324ae5740f4cd411c1c3ae13b4bf0396e4tree | snapshot
parent68b0f3a0bf8dfdf49be4aed1745a7f50662c555dcommit | diff
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

(From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.9.4.bb diff | blob | history
Mirror of the official openembedded-core repository