[OE-core] [PATCH v3 0/7] libxml2: Fix multiple CVEs

Andrej Valek andrej.valek at siemens.com
Thu Jun 15 12:08:32 UTC 2017


Fix CVEs:
 - CVE-2017-0663
 - CVE-2017-9047
 - CVE-2017-9048
 - CVE-2017-9049
 - CVE-2017-9050
 - CVE-2017-5969
 - Sync necessary changes for CVE fixing from master.

Andrej Valek (7):
  libxml2: Disable LeakSanitizer when running API tests
  libxml2: Avoid reparsing and simplify control flow in
    xmlParseStartTag2
  libxml2: Fix CVE-2017-9047 and CVE-2017-9048
  libxml2: Fix CVE-2017-9049 and CVE-2017-9050
  libxml2: Fix CVE-2017-5969
  libxml2: Fix CVE-2017-0663
  libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities
    loading even local"

 .../libxml/libxml2/CVE-2016-9318.patch             | 207 --------
 .../libxml/libxml2/libxml2-CVE-2017-0663.patch     |  40 ++
 .../libxml/libxml2/libxml2-CVE-2017-5969.patch     |  62 +++
 .../libxml2-CVE-2017-9047_CVE-2017-9048.patch      | 103 ++++
 .../libxml2-CVE-2017-9049_CVE-2017-9050.patch      | 291 ++++++++++
 ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 +++++++++++++++++++++
 meta/recipes-core/libxml/libxml2/runtest.patch     |  25 +-
 meta/recipes-core/libxml/libxml2_2.9.4.bb          |   6 +-
 8 files changed, 1111 insertions(+), 213 deletions(-)
 delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch

-- 
2.1.4


