]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d36df9) | patch
expat: Fix CVE-2022-43680 for expat
authorRanjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Thu, 3 Nov 2022 05:13:20 +0000 (10:43 +0530)
committerSteve Sakoman <steve@sakoman.com>
Fri, 4 Nov 2022 17:52:01 +0000 (07:52 -1000)
commitac4476e6594417b14bfb05a110009ef245f419b0
treea9d10f9729863e1cf1e41dc3a705f439175dc762tree
parent1d36df9c9ec0ea13c4e0c3794b0d97305e2c6ac1commit | diff
expat: Fix CVE-2022-43680 for expat

Add a patch to fix CVE-2022-43680 issue where use-after free caused by
overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
in out-of-memory situations
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat/CVE-2022-43680.patch [new file with mode: 0644] blob
meta/recipes-core/expat/expat_2.2.9.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core