code.ossystems Code Review - openembedded-core.git/commit
libxml2: Fix CVE-2020-24977
author Ovidiu Panait <ovidiu.panait@windriver.com>
Wed, 9 Sep 2020 08:11:53 +0000 (11:11 +0300)
committer Steve Sakoman <steve@sakoman.com>
Mon, 14 Sep 2020 14:26:37 +0000 (04:26 -1000)
commit d5406b389fcae8fb0f5fc9cc7dbf7ee819c04bc8
tree 5bed53031d6fcfdd37437c242285df69060a9e9f
parent ad11e4a9afea5a4c9dd34a7fa37b82efd61952a4

GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92dc02b8f03f3586de0a2ec1463b189a3918e303)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch [new file with mode: 0644]
meta/recipes-core/libxml/libxml2_2.9.10.bb