1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
new file mode 100644
index 0000000000..5365d5546a
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,33 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+Fixes #604.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
+CVE: CVE-2024-25062
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
+++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+        (reader->node->type == XML_ELEMENT_NODE) &&
+        (reader->node->ns != NULL) &&
+-- 
+GitLab

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch new file mode 100644 index 0000000000..5365d5546a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,33 @@
	1	From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
	2	From: Nick Wellnhofer <wellnhofer@aevum.de>
	3	Date: Sat, 14 Oct 2023 22:45:54 +0200
	4	Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
	5	backtracking
	6
	7	Fixes a use-after-free if XML Reader if used with DTD validation and
	8	XInclude expansion.
	9
	10	Fixes #604.
	11
	12	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
	13	CVE: CVE-2024-25062
	14	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	15	---
	16	xmlreader.c \| 1 +
	17	1 file changed, 1 insertion(+)
	18
	19	diff --git a/xmlreader.c b/xmlreader.c
	20	index 979385a13..fefd68e0b 100644
	21	--- a/xmlreader.c
	22	+++ b/xmlreader.c
	23	@@ -1443,6 +1443,7 @@ node_found:
	24	* Handle XInclude if asked for
	25	*/
	26	if ((reader->xinclude) && (reader->in_xinclude == 0) &&
	27	+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
	28	(reader->node != NULL) &&
	29	(reader->node->type == XML_ELEMENT_NODE) &&
	30	(reader->node->ns != NULL) &&
	31	--
	32	GitLab
	33