diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2024-01-12 08:34:06 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-01-13 15:57:37 -1000 |
commit | 03b766e42beb42a2085285308acbcf941f346b06 (patch) | |
tree | 132c0197cf97b3846daf5e1fce46ee2369dd0181 /meta/recipes-core/libxml/libxml2_2.9.10.bb | |
parent | f5eff24d386215e5b5aee5c3261f5602b47c7f02 (diff) | |
download | openembedded-core-contrib-03b766e42beb42a2085285308acbcf941f346b06.tar.gz |
libxml2: Fix for CVE-2023-45322
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as diputed).
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2_2.9.10.bb')
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index aa17cd8cca..90d30f1ea7 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -42,6 +42,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://CVE-2023-39615-0001.patch \ file://CVE-2023-39615-0002.patch \ file://CVE-2021-3516.patch \ + file://CVE-2023-45322-1.patch \ + file://CVE-2023-45322-2.patch \ " SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" |