diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2017-06-14 14:58:47 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-23 11:44:13 +0100 |
commit | 371ba8c74332b6ab2d9062edadc93c688751e4ab (patch) | |
tree | a4cac38d29cf01a6c85890f05a7984e7a35a5f81 /meta/recipes-core/sysfsutils | |
parent | 1a4f1ccdcc51b7d97ab66214675357b6c2c075f8 (diff) | |
download | poky-371ba8c74332b6ab2d9062edadc93c688751e4ab.tar.gz |
libxml2: Fix CVE-2017-9049 and CVE-2017-9050
Fix handling of parameter-entity references
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Fixes bug 781205 and bug 781361
CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/sysfsutils')
0 files changed, 0 insertions, 0 deletions