]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 3b37cbd) | patch
libxml2: Fix CVE-2020-24977
authorOvidiu Panait <ovidiu.panait@windriver.com>
Wed, 9 Sep 2020 08:11:53 +0000 (11:11 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 9 Sep 2020 09:11:59 +0000 (10:11 +0100)
commit92dc02b8f03f3586de0a2ec1463b189a3918e303
treeeb7f845437a0eb32d1b5f4a1c3c72e954f6acb68tree | snapshot
parent3b37cbd53219d9c10640b462aa91991d8cbc2a23commit | diff
libxml2: Fix CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.9.10.bb diff | blob | history
Mirror of the official openembedded-core repository