diff options
| author |   Steve Sakoman <steve@sakoman.com> | 2022-01-19 04:33:49 -1000 |
|---|---|---|
| committer |   Anuj Mittal <anuj.mittal@intel.com> | 2022-01-26 11:40:00 +0800 |
| commit | 0d195a98703d690a348719f77e7be78653d14ad3 (patch) | |
| tree | faeb8984acc0c5b4a78099b642d394799052484d /meta/recipes-core/expat/expat_2.2.10.bb | |
| parent | 3d3db22ec53d86985040294378ffb81306ef9a5b (diff) | |
| download | openembedded-core-contrib-0d195a98703d690a348719f77e7be78653d14ad3.tar.gz | |
expat fix CVE-2022-22822 through CVE-2022-22827
xmlparse.c has multiple integer overflows. The involved functions are:
- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)
Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-core/expat/expat_2.2.10.bb')
| -rw-r--r-- | meta/recipes-core/expat/expat_2.2.10.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat_2.2.10.bb b/meta/recipes-core/expat/expat_2.2.10.bb index 08e8ff1cea..5a123305c4 100644 --- a/meta/recipes-core/expat/expat_2.2.10.bb +++ b/meta/recipes-core/expat/expat_2.2.10.bb @@ -12,6 +12,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA file://libtool-tag.patch \ file://run-ptest \ file://0001-Add-output-of-tests-result.patch \ + file://CVE-2022-22822-27.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" |