From: Peter Marko Date: Fri, 28 Feb 2025 17:16:58 +0000 (+0100) Subject: libxml2: mark patch as fixing CVE-2025-27113 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=204ff9dd9c62a8a346e89880b2e15a4c0e9ad6e0;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git libxml2: mark patch as fixing CVE-2025-27113 This vulnerability has now a CVE assigned. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-core/libxml/libxml2/0001-pattern-Fix-compilation-of-explicit-child-axis.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-27113.patch similarity index 98% rename from meta/recipes-core/libxml/libxml2/0001-pattern-Fix-compilation-of-explicit-child-axis.patch rename to meta/recipes-core/libxml/libxml2/CVE-2025-27113.patch index 932c0ec422..92713375eb 100644 --- a/meta/recipes-core/libxml/libxml2/0001-pattern-Fix-compilation-of-explicit-child-axis.patch +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-27113.patch @@ -6,6 +6,7 @@ Subject: [PATCH] pattern: Fix compilation of explicit child axis The child axis is the default axis and should generate XML_OP_ELEM like the case without an axis. +CVE: CVE-2025-27113 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3] Signed-off-by: Peter Marko --- diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 8f1d882505..1cbd620b34 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -34,7 +34,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2024-25062.patch \ file://CVE-2024-34459.patch \ file://CVE-2022-49043.patch \ - file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ + file://CVE-2025-27113.patch \ file://CVE-2024-56171.patch \ file://CVE-2025-24928.patch \ "