]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb80f57) | patch
libxml2: fix CVE-2025-6021
authorDivya Chellam <divya.chellam@windriver.com>
Mon, 14 Jul 2025 10:19:57 +0000 (15:49 +0530)
committerSteve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:56:24 +0000 (09:56 -0700)
commit99a239d9146c5ecf158cd9db7823ec1aff45fd48
tree0f2f3d22793f06876c94181bc62f4665eee4a00ctree | snapshot
parentbb80f57bc3818937d5a207040bfd44021dee4e6ecommit | diff
libxml2: fix CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer
overflows in buffer size calculations can lead to a stack-based buffer
overflow. This issue can result in memory corruption or a denial
of service when processing crafted input.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6021

Upstream-patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae33c23f87692aa179bacedb6743f3188a

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.13.8.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core