expat: Fix CVE-2022-43680 for expat - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2022-11-03 10:43:20 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-09 17:42:03 +0000
commit	5502d7326cc5e8da56227457a2f874d22cd49389 (patch)
tree	649940960ad54e3cfa7604651bfe5e8731d475d4 /scripts/lib/scriptpath.py
parent	32c25a02023aabb9add718ff1c398ec45b0105d6 (diff)
download	poky-5502d7326cc5e8da56227457a2f874d22cd49389.tar.gz

expat: Fix CVE-2022-43680 for expat

Add a patch to fix CVE-2022-43680 issue where use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680 (From OE-Core rev: ac4476e6594417b14bfb05a110009ef245f419b0) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: