| Commit message (Collapse) | Author | Age | Files | Lines |
|
CVE: CVE-2017-16932 CVE-2017-5130 CVE-2017-7375 CVE-2017-7376
Libxml2 in the upstream pyro is 2.9.4
CVE-2017-7376: For the stable distribution (stretch), these problems
have been fixed in version 2.9.4+dfsg1-2.2+deb9u1
CVE-2017-7375: stretch (security) 2.9.4+dfsg1-2.2+deb9u2
Reference:
CVE-2017-16932 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
CVE-2017-5130 https://gitlab.gnome.org/GNOME/libxml2/commit/897dffbae322b46b83f99a607d527058a72c51ed
CVE-2017-7375 https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
CVE-2017-7376 https://gitlab.gnome.org/GNOME/libxml2/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
Change-Id: Icf68eea8e0916be2bc9f3e844f7d38f6fae75300
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
|
These have been fixed already in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
Out-of-bounds read in htmlParseTryOrFinish
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
A remote code execution vulnerability in libxml2 could enable an attacker
using a specially crafted file to execute arbitrary code within the context
of an unprivileged process. This issue is rated as High due to the
possibility of remote code execution in an application that uses this library.
Reference:
https://security-tracker.debian.org/tracker/CVE-2017-0663
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
References:
CVE-2017-9049: Heap-based buffer over-read in function xmlDictComputeFastKey
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
CVE-2017-9050: Heap-based buffer over-read in function xmlDictAddString
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
References:
CVE-2017-9047: Buffer overflow in function xmlSnprintfElementContent
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
CVE-2017-9048: Stack-based buffer overflow in function
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
Fixes a NULL pointer dereference in libxml2, when using
xmllint --recover. A maliciously crafted file, when parsed
in recovery mode, could cause the application to crash.
Reference:
https://bugzilla.gnome.org/show_bug.cgi?id=778519
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|