libxml2: fix CVE-2025-6021 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	hongxu <hongxu.jia@eng.windriver.com>	2025-06-16 13:00:53 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-06-16 17:57:30 +0100
commit	134890aca02ec80ea54c91e42c50848eb4293145 (patch)
tree	c6507c0c4d4c151d55e36a44554ba3e7a632a5fc /scripts/lib/wic/engine.py
parent	32232d2ec1f32bb0de6e9bde7c7f19a470bf6d8c (diff)
download	poky-134890aca02ec80ea54c91e42c50848eb4293145.tar.gz

libxml2: fix CVE-2025-6021

According to [1] A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Refer debian [2], backport a fix [3] from upstream [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6021 [2] https://security-tracker.debian.org/tracker/CVE-2025-6021 [3] https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0 (From OE-Core rev: e3a6bf785656243b5adc0775f7480a1eb0e4ae4c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/wic/engine.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: