]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 96ef568) | patch
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges
authorAndrej Valek <andrej.valek@siemens.com>
Mon, 12 Dec 2016 13:20:20 +0000 (14:20 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 16 Dec 2016 08:30:01 +0000 (08:30 +0000)
commit00e928bd1c2aed9caeaf9e411743805d2139a023
tree82ad7f61ead5a71f39effc480b27f8248c1ac3edtree | snapshot
parent96ef568f75dded56a2123b63dcc8b443f796afe0commit | diff
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.9.4.bb diff | blob | history
Mirror of the official openembedded-core repository