summaryrefslogtreecommitdiffstats
path: root/scripts/lib/scriptpath.py
diff options
context:
space:
mode:
authorSteve Sakoman <steve@sakoman.com>2022-01-19 04:33:49 -1000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-01-31 21:56:01 +0000
commit6fe3635445523a38500c6884af39d947cc9033eb (patch)
tree45b25af9a649b76dec387ce78a60a6b12a6e73b8 /scripts/lib/scriptpath.py
parent215d753cef95632cbdbe6647288c06f7b6b63a8c (diff)
downloadpoky-6fe3635445523a38500c6884af39d947cc9033eb.tar.gz
expat fix CVE-2022-22822 through CVE-2022-22827
xmlparse.c has multiple integer overflows. The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827) Backport patch from: https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 (From OE-Core rev: 0d195a98703d690a348719f77e7be78653d14ad3) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/scriptpath.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-10 03:13:10 +0000