From aa346581fd60d3e4ee2ce6d899594c238ebf0560 Mon Sep 17 00:00:00 2001
From: Andrej Valek <andrej.valek@siemens.com>
Date: Mon, 12 Dec 2016 14:20:20 +0100
Subject: libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer
 points and ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

(From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/libxml/libxml2_2.9.4.bb')

diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 66a89400e5..a1d1e9e12d 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -21,6 +21,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml-m4-use-pkgconfig.patch \
            file://libxml2-fix_node_comparison.patch \
            file://libxml2-CVE-2016-5131.patch \
+           file://libxml2-CVE-2016-4658.patch \
           "
 
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-- 
cgit v1.2.3-54-g00ecf