libxml2: Fix CVE-2021-3541 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Tony Tascioglu <tony.tascioglu@windriver.com>	2021-05-20 17:45:42 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-30 08:19:35 +0100
commit	bc872bd77923210831de67cfdc50e753bfa9f1e5 (patch)
tree	539a31b2ed592551e0a0cca0d5b46fee9ba71b18 /LICENSE
parent	ad30955575ccfcb07db11e7d42b5500c605aacbc (diff)
download	poky-bc872bd77923210831de67cfdc50e753bfa9f1e5.tar.gz

libxml2: Fix CVE-2021-3541

Upstream commit: This is related to parameter entities expansion and following the line of the billion laugh attack. Somehow in that path the counting of parameters was missed and the normal algorithm based on entities "density" was useless. CVE: CVE-2021-3541 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] (From OE-Core rev: e1e04de65e24d1596d800d7f8e85f98bb7f72632) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'LICENSE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: