From bbd6d07c98149201a51086da9a069d207c4777d5 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Thu, 29 Oct 2015 16:22:41 -0700
Subject: libxslt: CVE-2015-7995

This is a is being give a High rating so please consider it for
all 1.1.28 versions.

A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.

(From OE-Core rev: 0f89bbab6588a1171259801fa879516740030acb)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/libxslt/libxslt_1.1.28.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'meta/recipes-support/libxslt/libxslt_1.1.28.bb')

diff --git a/meta/recipes-support/libxslt/libxslt_1.1.28.bb b/meta/recipes-support/libxslt/libxslt_1.1.28.bb
index 166bcd86e7..87fabecda0 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.28.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.28.bb
@@ -10,7 +10,8 @@ DEPENDS = "libxml2"
 
 SRC_URI = "ftp://xmlsoft.org/libxslt//libxslt-${PV}.tar.gz \
            file://pkgconfig_fix.patch \
-           file://pkgconfig.patch"
+           file://pkgconfig.patch \
+           file://CVE-2015-7995.patch"
 
 SRC_URI[md5sum] = "9667bf6f9310b957254fdcf6596600b7"
 SRC_URI[sha256sum] = "5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c"
-- 
cgit v1.2.3-54-g00ecf