+++ /dev/null
-libxml2: CVE-2015-7942
-
-From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:29:20 +0800
-Subject: Cleanup conditional section error handling
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-The error handling of Conditional Section also need to be
-straightened as the structure of the document can't be
-guessed on a failure there and it's better to stop parsing
-as further errors are likely to be irrelevant.
-
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/patch/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
-
-[YOCTO #8641]
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- parser.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-Index: libxml2-2.9.2/parser.c
-===================================================================
---- libxml2-2.9.2.orig/parser.c
-+++ libxml2-2.9.2/parser.c
-@@ -6783,6 +6783,8 @@ xmlParseConditionalSections(xmlParserCtx
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6843,6 +6845,8 @@ xmlParseConditionalSections(xmlParserCtx
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6898,6 +6902,8 @@ xmlParseConditionalSections(xmlParserCtx
-
- } else {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- }
-
- if (RAW == 0)
+++ /dev/null
-libxml2: CVE-2015-8035
-
-From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 3 Nov 2015 15:31:25 +0800
-Subject: CVE-2015-8035 Fix XZ compression support loop
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-DoS when parsing specially crafted XML document if XZ support
-is compiled in (which wasn't the case for 2.9.2 and master since
-Nov 2013, fixed in next commit !)
-
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/patch/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
-
-[YOCTO #8641]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- xzlib.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index 0dcb9f4..1fab546 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
- xz_error(state, LZMA_DATA_ERROR, "compressed data error");
- return -1;
- }
-+ if (ret == LZMA_PROG_ERROR) {
-+ xz_error(state, LZMA_PROG_ERROR, "compression error");
-+ return -1;
-+ }
- } while (strm->avail_out && ret != LZMA_STREAM_END);
-
- /* update available output and crc check value */
---
-cgit v0.11.2
-
