expat: fix CVE-2021-45960 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-01-19 04:51:17 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-01-31 21:56:01 +0000
commit	b769089b44b19dbc73c304c88b2ed67a4e03d844 (patch)
tree	a8bbefe7c922565c28e2f5b094ea7addf4a82e92 /scripts/lib/scriptpath.py
parent	6fe3635445523a38500c6884af39d947cc9033eb (diff)
download	poky-b769089b44b19dbc73c304c88b2ed67a4e03d844.tar.gz

expat: fix CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Backport patch from: https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea CVE: CVE-2021-45960 (From OE-Core rev: 8d475823acf95d81596c1c125bc7dd4d0e0f5f1c) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 22fe1dea3164a5cd4d5636376f3671641ada1da9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: