expat: fix CVE-2021-45960 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-01-19 04:51:17 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-01-25 12:06:55 +0000
commit	b618e57f798148c3d032129cf1e60fd209730dfd (patch)
tree	b48f83d0b338c67ef218ffa63a059430d84ef754 /scripts/lib/scriptutils.py
parent	95491a12eacdd84b113cf11cdc14489564e484d1 (diff)
download	poky-b618e57f798148c3d032129cf1e60fd209730dfd.tar.gz

expat: fix CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Backport patch from: https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea CVE: CVE-2021-45960 (From OE-Core rev: 22fe1dea3164a5cd4d5636376f3671641ada1da9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: