[OE-core] [PATCH] libxml2: Security Advisory - libxml2 - CVE-2015-1819
Burton, Ross
ross.burton at intel.com
Fri Jun 5 12:02:17 UTC 2015
On 5 June 2015 at 09:23, <wenzong.fan at windriver.com> wrote:
> +From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001
> +From: Daniel Veillard <veillard at redhat.com>
> +Date: Tue, 14 Apr 2015 17:41:48 +0800
> +Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant
> memory
> +
> +One of the operation on the reader could resolve entities
> +leading to the classic expansion issue. Make sure the
> +buffer used for xmlreader operation is bounded.
> +Introduce a new allocation type for the buffers for this effect.
> +
> +Upstream-Status: Backport
>
No signed-off-by.
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20150605/05499439/attachment-0002.html>
More information about the Openembedded-core
mailing list