[OE-core] [PATCH 1/2 v2] libxml2 CVE-2012-2807
Burton, Ross
ross.burton at intel.com
Fri Jun 21 12:24:23 UTC 2013
On 21 June 2013 11:06, Burton, Ross <ross.burton at intel.com> wrote:
> On 21 June 2013 03:28, <jackie.huang at windriver.com> wrote:
>> +Upstream-Status: Backport
I'm now going as far as NACKing this. The fact that a 2012 CVE
against a package that is under active development hasn't obviously
been merged raised a flag, so I spoke with upstream (crazy, I know!).
Basically libxml 2.9.0 introduced a new buffer system, and the patch
is Chromium is actually a simplified version of that code. Thus, if
we have libxml 2.9.0 onwards we don't need this patch.
Ross
More information about the Openembedded-core
mailing list