libxml2: Fix CVE-2021-3541 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Tony Tascioglu <tony.tascioglu@windriver.com>	2021-05-20 17:45:42 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-22 10:57:24 +0100
commit	e1e04de65e24d1596d800d7f8e85f98bb7f72632 (patch)
tree	ceaefb79ecbf8ebfb07b04bff3977a0a3c0e9450 /meta/recipes-extended
parent	6c59d33ee158129d5c0cca3cce65824f9bc4e7e3 (diff)
download	openembedded-core-contrib-e1e04de65e24d1596d800d7f8e85f98bb7f72632.tar.gz

libxml2: Fix CVE-2021-3541

Upstream commit: This is related to parameter entities expansion and following the line of the billion laugh attack. Somehow in that path the counting of parameters was missed and the normal algorithm based on entities "density" was useless. CVE: CVE-2021-3541 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: