code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Tony Tascioglu <tony.tascioglu@windriver.com>
	Thu, 20 May 2021 21:45:42 +0000 (17:45 -0400)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sat, 22 May 2021 09:57:24 +0000 (10:57 +0100)
commit	e1e04de65e24d1596d800d7f8e85f98bb7f72632
tree	ceaefb79ecbf8ebfb07b04bff3977a0a3c0e9450	tree \| snapshot
parent	6c59d33ee158129d5c0cca3cce65824f9bc4e7e3	commit \| diff

libxml2: Fix CVE-2021-3541

Upstream commit:
This is related to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.

CVE: CVE-2021-3541
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e]

Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch	[new file with mode: 0644]	blob
meta/recipes-core/libxml/libxml2_2.9.10.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom