From 371ba8c74332b6ab2d9062edadc93c688751e4ab Mon Sep 17 00:00:00 2001
From: Andrej Valek <andrej.valek@siemens.com>
Date: Wed, 14 Jun 2017 14:58:47 +0200
Subject: libxml2: Fix CVE-2017-9049 and CVE-2017-9050

Fix handling of parameter-entity references

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Fixes bug 781205 and bug 781361

CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/libxml/libxml2_2.9.4.bb')

diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index dd2e034e2a..3f78c2de63 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -25,6 +25,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml2-fix_NULL_pointer_derefs.patch \
            file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
            file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
+           file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
            file://CVE-2016-9318.patch \
            file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
            "
-- 
cgit v1.2.3-54-g00ecf