summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading ↵Andrej Valek2017-06-231-207/+0
| | | | | | | | | | | even local" The new flag doesn't work and the change even broke the XML_PARSE_NONET option. (From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318Catalin Enache2017-04-291-0/+207
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-05 00:15:41 +0000