libxml2: CVE-2016-9318 - openembedded-core

diff options

author	Catalin Enache <catalin.enache@windriver.com>	2017-04-14 11:43:32 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-04-28 11:26:07 +0100
commit	0dd44c00e3b2fbc3befc3f361624a3a60161d979 (patch)
tree	9c8fefa05ba36bd4cbf56e42433d8329ec660e16 /LICENSE
parent	6679a4d4379f6f18554ed0042546cce94d5d0b19 (diff)
download	openembedded-core-0dd44c00e3b2fbc3befc3f361624a3a60161d979.tar.gz

libxml2: CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>

Diffstat (limited to 'LICENSE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: