libxml2: Fix CVE-2017-9049 and CVE-2017-9050 - linux/poky.git

diff options

author	Andrej Valek <andrej.valek@siemens.com>	2017-06-14 14:58:47 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-07-27 22:36:44 +0100
commit	93b0d29184419318cda433bb0a764f8f2a7eeb6a (patch)
tree	5e9aae8aad7adec32de8526277b2b4418c54acef /bitbake/LICENSE
parent	b611c4c7c04935d22a8a36bc0eabdbfe5b85aafd (diff)
download	poky-93b0d29184419318cda433bb0a764f8f2a7eeb6a.tar.gz

libxml2: Fix CVE-2017-9049 and CVE-2017-9050

Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 (From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b) (From OE-Core rev: a409c50a09b12caa434b2b06bdcfb6beba43f67f) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'bitbake/LICENSE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: