diff options
author | Anuj Mittal <anuj.mittal@intel.com> | 2019-07-25 12:02:59 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-09-24 08:28:04 -0700 |
commit | 07cd0d606fea63e683c7de7ebfaa6a55170b8318 (patch) | |
tree | 84b817022e1a8aa2a66e23245336110638b96180 /meta/recipes-support/libxslt/files/CVE-2019-13117.patch | |
parent | c9c3fabddb4e1779ef330f2073f85dce83cb460b (diff) | |
download | openembedded-core-contrib-07cd0d606fea63e683c7de7ebfaa6a55170b8318.tar.gz |
libxslt: fix CVE-2019-13117 CVE-2019-13118
(From OE-Core rev: 7dc3048fec88dd62ef49ef16517b7382ab7cf2a5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for thud context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-support/libxslt/files/CVE-2019-13117.patch')
-rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2019-13117.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 0000000000..ef3f2709f7 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch @@ -0,0 +1,33 @@ +From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 27 Apr 2019 11:19:48 +0200 +Subject: [PATCH] Fix uninitialized read of xsl:number token + +Found by OSS-Fuzz. + +CVE: CVE-2019-13117 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + libxslt/numbers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index 89e1f668..75c31eba 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, + tokens->tokens[tokens->nTokens].token = val - 1; + ix += len; + val = xmlStringCurrentChar(NULL, format+ix, &len); +- } ++ } else { ++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; ++ tokens->tokens[tokens->nTokens].width = 1; ++ } + } else if ( (val == (xmlChar)'A') || + (val == (xmlChar)'a') || + (val == (xmlChar)'I') || +-- +2.21.0 + |