git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
libxml2: fix CVE-2025-6021
author hongxu <hongxu.jia@eng.windriver.com>
Mon, 16 Jun 2025 05:00:53 +0000 (13:00 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 16 Jun 2025 16:56:27 +0000 (17:56 +0100)
commit e3a6bf785656243b5adc0775f7480a1eb0e4ae4c
tree 23eeb725e32207d3bb784b6a1627786f270873c7
parent 9011bc307fcdccb144b75d77b36bbc5c8d4bd96d
libxml2: fix CVE-2025-6021

According to [1]

A flaw was found in libxml2's xmlBuildQName function, where integer overflows
in buffer size calculations can lead to a stack-based buffer overflow. This
issue can result in memory corruption or a denial of service when processing
crafted input.

Refer to Debian [2], backport a fix [3] from upstream

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6021
[2] https://security-tracker.debian.org/tracker/CVE-2025-6021
[3] https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch [new file with mode: 0644]
meta/recipes-core/libxml/libxml2_2.14.3.bb