[OE-core] [PATCH] libxml2 CVE-2012-2807
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Jun 20 12:11:36 UTC 2013
On Thu, 2013-06-20 at 19:09 +0800, jackie.huang at windriver.com wrote:
> From: Jackie Huang <jackie.huang at windriver.com>
>
> Multiple integer overflows in libxml2, as used in Google Chrome
> before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to
> cause a denial of service or possibly have unspecified other impact via unknown vectors.
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
>
> Signed-off-by: Li Wang <li.wang at windriver.com>
> Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> ---
> .../libxml/libxml2/libxml2-fix-CVE-2012-2807.patch | 78 ++++++++++++++++++++
> meta/recipes-core/libxml/libxml2_2.9.1.bb | 1 +
> 2 files changed, 79 insertions(+), 0 deletions(-)
> create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
> new file mode 100644
> index 0000000..f796ab7
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
> @@ -0,0 +1,78 @@
> +Attempt to address libxml crash.
> +
> +BUG=129930
> +Review URL: https://chromiumcodereview.appspot.com/10458051
> +
> +https://src.chromium.org/viewvc/chrome?view=rev&revision=142822
> +
> +2012-2807
> +Multiple integer overflows in libxml2, as used in Google Chrome
> +before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause \
> +a denial of service or possibly have unspecified other impact via unknown vectors.
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
> +
> +Signed-off-by: Li Wang <li.wang at windriver.com>
No Upstream-Status field.
Cheers,
Richard
More information about the Openembedded-core
mailing list