libxml2: CVE-2016-9318 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Catalin Enache <catalin.enache@windriver.com>	2017-04-14 11:43:32 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-04-29 11:17:23 +0100
commit	d7ec005904b456c62a226efd5c6931e81459052a (patch)
tree	fbbb0318d9e97a4c8d29645bc2822ce8233c5c93 /meta/recipes-multimedia/gstreamer
parent	5970acb3fe28d4af59834b5cacb2d8d4d3511506 (diff)
download	poky-d7ec005904b456c62a226efd5c6931e81459052a.tar.gz

libxml2: CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-multimedia/gstreamer')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: