diff options
| author | Armin Kuster <akuster@mvista.com> | 2015-11-11 14:21:46 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-15 13:14:34 +0000 |
| commit | 01b93fb33d8c708afed1226a7166f76ee7a5b6f1 (patch) | |
| tree | c19c99e4a73aff7809bee1670a36e5d4b2786d63 /meta/recipes-core/libxml/libxml2.inc | |
| parent | 6e3eefb997063971801bea933f319bb428b33fa5 (diff) | |
| download | ast2050-yocto-poky-01b93fb33d8c708afed1226a7166f76ee7a5b6f1.zip ast2050-yocto-poky-01b93fb33d8c708afed1226a7166f76ee7a5b6f1.tar.gz | |
libxml2: fix CVE-2015-7942 and CVE-2015-8035
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
[YOCTO #8641]
(From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38)
(From OE-Core rev: fdaf0f8f8b034f19639f66e1d30088bb9abfc68d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2.inc')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 9d1d2bd..95fc75c 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -23,6 +23,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml-m4-use-pkgconfig.patch \ file://configure.ac-fix-cross-compiling-warning.patch \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ + file://CVE-2015-7942.patch \ + file://CVE-2015-8035.patch \ " BINCONFIG = "${bindir}/xml2-config" |
