expat: fix CVE-2022-23852 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-01-31 07:08:36 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-10 13:25:48 +0000
commit	85dd9e10bd16be17720a898fd3110f2fb5f659e5 (patch)
tree	0413b6236a681fb72acd839dcf41a14663f0d951 /scripts/lib/scriptutils.py
parent	ba91997abebecad4f9a5162d729ed854119f046d (diff)
download	poky-85dd9e10bd16be17720a898fd3110f2fb5f659e5.tar.gz

expat: fix CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 (From OE-Core rev: 8a50809a0e54c66a8a7aafb1b9bffbec009f8c57) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit af81bb9d10c0f1e9dcaffc1bbc18ef780eea7127) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: