libxml2: fix CVE-2014-0191 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Maxin B. John <maxin.john@enea.com>	2014-05-07 14:24:15 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-08 13:00:34 +0100
commit	e7e433413d241a1f266f3bd3bef155f1c1b8b3ed (patch)
tree	181182ad93ce54c979bf5d940aa2110dad7d5c37 /meta/lib
parent	e846e0fb09f7c3b9f298846c88df81c39b1576f9 (diff)
download	poky-e7e433413d241a1f266f3bd3bef155f1c1b8b3ed.tar.gz

libxml2: fix CVE-2014-0191

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: