summaryrefslogtreecommitdiffstats
path: root/recipes-core/libxml/libxml2
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: CVE-2017-8872Sona Sarmadi2017-09-261-0/+41
| | | | | | | | | | | | | Out-of-bounds read in htmlParseTryOrFinish Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872 Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-0663Sona Sarmadi2017-09-061-0/+47
| | | | | | | | | | | | | A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Reference: https://security-tracker.debian.org/tracker/CVE-2017-0663 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9049 and CVE-2017-9050Sona Sarmadi2017-08-211-0/+321
| | | | | | | | | | | | References: CVE-2017-9049: Heap-based buffer over-read in function xmlDictComputeFastKey http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 CVE-2017-9050: Heap-based buffer over-read in function xmlDictAddString http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9047 and CVE-2017-9048Sona Sarmadi2017-08-211-0/+118
| | | | | | | | | | | | References: CVE-2017-9047: Buffer overflow in function xmlSnprintfElementContent http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 CVE-2017-9048: Stack-based buffer overflow in function http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-5969Sona Sarmadi2017-08-211-0/+68
Fixes a NULL pointer dereference in libxml2, when using xmllint --recover. A maliciously crafted file, when parsed in recovery mode, could cause the application to crash. Reference https://bugzilla.gnome.org/show_bug.cgi?id=778519 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-28 16:09:54 +0000