diff options
author | Steve Sakoman <steve@sakoman.com> | 2022-02-28 05:43:58 -1000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-09 17:30:48 +0000 |
commit | e173db21d0899a5cb185f01f8aaf92156d3e910c (patch) | |
tree | 1698cef9239d34c763761f62a30495148fd1643f /meta/site/powerpc-darwin | |
parent | 746111afa001dc99c95fc56dc242b5f00a0bc1b9 (diff) | |
download | poky-e173db21d0899a5cb185f01f8aaf92156d3e910c.tar.gz |
expat: fix CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.
Backport patch from:
https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab
Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566
CVE: CVE-2022-25313
(From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/site/powerpc-darwin')
0 files changed, 0 insertions, 0 deletions