git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
libxml2: Fix for CVE-2023-45322
author Vijay Anusuri <vanusuri@mvista.com>
Fri, 12 Jan 2024 03:04:06 +0000 (08:34 +0530)
committer Steve Sakoman <steve@sakoman.com>
Sun, 14 Jan 2024 01:57:37 +0000 (15:57 -1000)
commit 03b766e42beb42a2085285308acbcf941f346b06
tree 132c0197cf97b3846daf5e1fce46ee2369dd0181
parent f5eff24d386215e5b5aee5c3261f5602b47c7f02
libxml2: Fix for CVE-2023-45322

Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as disputed).

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch [new file with mode: 0644]
meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch [new file with mode: 0644]
meta/recipes-core/libxml/libxml2_2.9.10.bb