]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0f3493) | patch
libxml2: fix CVE-2025-49795
authorDivya Chellam <divya.chellam@windriver.com>
Wed, 16 Jul 2025 11:18:49 +0000 (16:48 +0530)
committerSteve Sakoman <steve@sakoman.com>
Wed, 16 Jul 2025 15:21:58 +0000 (08:21 -0700)
commit9f17e0911eeb49e007de8ee3e50d9f3f38e08a26
tree5a3bd9e83d866d9eb454d6a089b032e2d7e6f5e1tree
parentb0f34931f7ae35538d007add80e2f81c85fa950fcommit | diff
libxml2: fix CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when
processing XPath XML expressions. This flaw allows an attacker to
craft a malicious XML input to libxml2, leading to a denial of service.

Pick commit from 2.13 branch

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-49795

Upstream-patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278a4c5fdf14d287dfb400005c0a0caa69f

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.13.8.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib