path: root/recipes-core/libxml
Commit message | Author | Age | Files | Lines
* libxml2: Fix CVEs | Andreas Wellving | 2018-10-25 | 5 | -0/+257
  CVE: CVE-2017-16932 CVE-2017-5130 CVE-2017-7375 CVE-2017-7376

  Libxml2 in the upstream pyro is 2.9.4

  CVE-2017-7376: For the stable distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u1
  CVE-2017-7375: stretch (security) 2.9.4+dfsg1-2.2+deb9u2

  Reference:
  CVE-2017-16932 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
  CVE-2017-5130 https://gitlab.gnome.org/GNOME/libxml2/commit/897dffbae322b46b83f99a607d527058a72c51ed
  CVE-2017-7375 https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
  CVE-2017-7376 https://gitlab.gnome.org/GNOME/libxml2/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e

  Change-Id: Icf68eea8e0916be2bc9f3e844f7d38f6fae75300
  Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
  Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
* libxml: Remove CVE fixes | Adrian Dudau | 2017-11-24 | 6 | -605/+0
  These have been fixed already in upstream poky/pyro.

  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-8872 | Sona Sarmadi | 2017-09-26 | 2 | -0/+42
  Out-of-bounds read in htmlParseTryOrFinish

  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872

  Backported from:
  http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-0663 | Sona Sarmadi | 2017-09-06 | 2 | -1/+49
  A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library.

  Reference:
  https://security-tracker.debian.org/tracker/CVE-2017-0663

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9049 and CVE-2017-9050 | Sona Sarmadi | 2017-08-21 | 2 | -0/+322
  References:
  CVE-2017-9049: Heap-based buffer over-read in function xmlDictComputeFastKey
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

  CVE-2017-9050: Heap-based buffer over-read in function xmlDictAddString
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9047 and CVE-2017-9048 | Sona Sarmadi | 2017-08-21 | 2 | -0/+119
  References:
  CVE-2017-9047: Buffer overflow in function xmlSnprintfElementContent
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

  CVE-2017-9048: Stack-based buffer overflow in function
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-5969 | Sona Sarmadi | 2017-08-21 | 2 | -0/+74
  Fixes a NULL pointer dereference in libxml2, when using xmllint --recover. A maliciously crafted file, when parsed in recovery mode, could cause the application to crash.

  Reference
  https://bugzilla.gnome.org/show_bug.cgi?id=778519

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>