summaryrefslogtreecommitdiffstats
path: root/scripts/lib/scriptutils.py
diff options
context:
space:
mode:
authorSteve Sakoman <steve@sakoman.com>2022-01-19 04:33:49 -1000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-01-25 12:06:55 +0000
commit95491a12eacdd84b113cf11cdc14489564e484d1 (patch)
tree9d85fe6c1dd7774a540b1aa4b661861e74fbdfb7 /scripts/lib/scriptutils.py
parent6348d2d8a03a5763778b6b9c75bbb51423ab7bfd (diff)
downloadpoky-95491a12eacdd84b113cf11cdc14489564e484d1.tar.gz
expat fix CVE-2022-22822 through CVE-2022-22827
xmlparse.c has multiple integer overflows. The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827) Backport patch from: https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 (From OE-Core rev: 3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/scriptutils.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-06-19 15:36:53 +0000