libxml2: Fix CVE-2017-9047 and CVE-2017-9048

xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 (From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2017-06-14 14:55:03 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-06-23 11:44:13 +0100
commit: 1a4f1ccdcc51b7d97ab66214675357b6c2c075f8 (patch)
tree: 19dfe06bfccaf794cc2adf58ef24d3bd9a2ee9b2 /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent: 6765fcec154b1c81250c124fcb46414dcac9be12 (diff)
download: poky-1a4f1ccdcc51b7d97ab66214675357b6c2c075f8.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 0577ad6509..dd2e034e2a 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml2-CVE-2016-4658.patch \
           file://libxml2-fix_NULL_pointer_derefs.patch \
           file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
+           file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
           file://CVE-2016-9318.patch \
           file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
           "
author	Andrej Valek <andrej.valek@siemens.com>	2017-06-14 14:55:03 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-06-23 11:44:13 +0100
commit	1a4f1ccdcc51b7d97ab66214675357b6c2c075f8 (patch)
tree	19dfe06bfccaf794cc2adf58ef24d3bd9a2ee9b2 /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent	6765fcec154b1c81250c124fcb46414dcac9be12 (diff)
download	poky-1a4f1ccdcc51b7d97ab66214675357b6c2c075f8.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 0577ad6509..dd2e034e2a 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
24	file://libxml2-CVE-2016-4658.patch \	24	file://libxml2-CVE-2016-4658.patch \
25	file://libxml2-fix_NULL_pointer_derefs.patch \	25	file://libxml2-fix_NULL_pointer_derefs.patch \
26	file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \	26	file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
		27	file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
27	file://CVE-2016-9318.patch \	28	file://CVE-2016-9318.patch \
28	file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \	29	file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
29	"	30	"