Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | expat: fix CVE-2022-23852 | Steve Sakoman | 2022-02-16 | 1 | -0/+33 |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 (From OE-Core rev: 37b618d44ebd965ba17bb61ddf6428cdaea876e5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |