diff options
| author |   Tony Tascioglu <tony.tascioglu@windriver.com> | 2021-05-20 17:45:42 -0400 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-22 10:57:24 +0100 |
| commit | e1e04de65e24d1596d800d7f8e85f98bb7f72632 (patch) | |
| tree | ceaefb79ecbf8ebfb07b04bff3977a0a3c0e9450 /meta/recipes-core/libxml/libxml2_2.9.10.bb | |
| parent | 6c59d33ee158129d5c0cca3cce65824f9bc4e7e3 (diff) | |
| download | openembedded-core-contrib-e1e04de65e24d1596d800d7f8e85f98bb7f72632.tar.gz | |
libxml2: Fix CVE-2021-3541
Upstream commit:
This is related to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.
CVE: CVE-2021-3541
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2_2.9.10.bb')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index a9bff74b55..ce4f9a3340 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -29,6 +29,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://CVE-2021-3518-0001.patch \ file://CVE-2021-3518-0002.patch \ file://CVE-2021-3537.patch \ + file://CVE-2021-3541.patch \ " SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5" |