]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 84ded53) | patch
libxml2: upgrade 2.13.6 -> 2.13.8
authorDivya Chellam <divya.chellam@windriver.com>
Tue, 29 Apr 2025 11:33:59 +0000 (11:33 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 1 May 2025 13:20:18 +0000 (14:20 +0100)
commit0b24113405ab0bbb3200bb47fa8ed6abeaa7481b
tree723e74351de2067b429627a9e8764e67bd51dddetree | snapshot
parent84ded53ea7e4db1e3d7ea60527374040ec64b4fdcommit | diff
libxml2: upgrade 2.13.6 -> 2.13.8

This includes CVE-fix for CVE-2025-32414 and CVE-2025-32415.

Changelog:
===========
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

Regressions

* tree: Fix xmlTextMerge with NULL args
* io: Fix compressed flag for uncompressed stdin
* parser: Fix parsing of DTD content

Security

* [CVE-2025-32415] schemas: Fix heap buffer overflow inxmlSchemaIDCFillNodeTables
* [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/libxml/libxml2_2.13.8.bb [moved from meta/recipes-core/libxml/libxml2_2.13.6.bb with 97% similarity] diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core