]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b0b8437) | patch
libxml2: Fix CVE-2021-3518
authorJasper Orschulko <jasper@fancydomain.eu>
Mon, 21 Jun 2021 15:33:22 +0000 (17:33 +0200)
committerSteve Sakoman <steve@sakoman.com>
Sun, 27 Jun 2021 19:24:23 +0000 (09:24 -1000)
commitef2a81a473e7c36a36facb209ca907a7439d36f2
tree7747a7e42bfc32e72c9e7c719145a4e302a96863tree | snapshot
parentb0b843797321360693172c57f2400b9c56ca51cfcommit | diff
libxml2: Fix CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Upstream-Status: Backport [from fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1954243]

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/libxml/libxml2/CVE-2021-3518.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.9.10.bb diff | blob | history
Mirror of the official openembedded-core repository