diff options
author | Armin Kuster <akuster@mvista.com> | 2016-07-09 14:54:21 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-27 08:29:34 +0100 |
commit | 9d894179128771c4a2628c103f5c39e2e6ef13c5 (patch) | |
tree | eeb753b7a274d75474b1971b7b50f7c35563e417 /meta | |
parent | a28fea55f72284d3f4ed85f19f80b8475e726ee6 (diff) | |
download | openembedded-core-contrib-9d894179128771c4a2628c103f5c39e2e6ef13c5.tar.gz |
libxml2: Security fix for CVE-2016-1840
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2016-1840.patch | 37 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.2.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-1840.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-1840.patch new file mode 100644 index 0000000000..41de9f80d8 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2016-1840.patch @@ -0,0 +1,37 @@ +From cbb271655cadeb8dbb258a64701d9a3a0c4835b4 Mon Sep 17 00:00:00 2001 +From: Pranjal Jumde <pjumde@apple.com> +Date: Mon, 7 Mar 2016 06:34:26 -0800 +Subject: [PATCH] Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup + <https://bugzilla.gnome.org/show_bug.cgi?id=757711> + +* xmlregexp.c: +(xmlFAParseCharRange): Only advance to the next character if +there is no error. Advancing to the next character in case of +an error while parsing regexp leads to an out of bounds access. + +Upstream-Status: Backport +CVE: CVE-2016-1840 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + xmlregexp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: libxml2-2.9.2/xmlregexp.c +=================================================================== +--- libxml2-2.9.2.orig/xmlregexp.c ++++ libxml2-2.9.2/xmlregexp.c +@@ -5052,11 +5052,12 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr + ERROR("Expecting the end of a char range"); + return; + } +- NEXTL(len); ++ + /* TODO check that the values are acceptable character ranges for XML */ + if (end < start) { + ERROR("End of range is before start of range"); + } else { ++ NEXTL(len); + xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg, + XML_REGEXP_CHARVAL, start, end, NULL); + } diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb index 41cba644fe..563661b1fd 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.2.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb @@ -8,6 +8,7 @@ SRC_URI += "file://CVE-2016-1762.patch \ file://CVE-2016-3705.patch \ file://CVE-2016-1834.patch \ file://CVE-2016-4483.patch \ + file://CVE-2016-1840.patch \ " SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788" |