Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch | Steve Sakoman | 2022-02-16 | 1 | -0/+6 |
| | | | | | | | (From OE-Core rev: f79b134c1ad77d7f508f443c1d155c898620087f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
* | expat: fix CVE-2021-46143 | Steve Sakoman | 2022-01-25 | 1 | -0/+43 |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Backport patch from: https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b CVE: CVE-2021-46143 (From OE-Core rev: 41a65d27e4ecdc11977e2944d8af2f51c48f32ec) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |