mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-04-29 09:32:11 +02:00

Commit Graph

Author	SHA1	Message	Date
Ross Burton	0542c12e89	libxml2: ignore disputed CVE-2023-45322 This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue. The underlying bug has been fixed, and will be incorporated into the next release. (From OE-Core rev: 8c70e7cecb1beb30a5be4ea9bbc89c2f2e11853b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-03 13:49:23 +00:00
Wang Mingyu	c80bd5be88	libxml2: upgrade 2.11.4 -> 2.11.5 Changelog: ========== ### Regressions --------------- - parser: Make xmlSwitchEncoding always skip the BOM - autotools: Improve iconv check ### Bug fixes -------------- - valid: Fix c1->parent pointer in xmlCopyDocElementContent - encoding: Always call ucnv_convertEx with flush set to false ### Portability --------------- - autotools: fix Python module file ext for cygwin/msys2 ### Tests ---------- - runtest: Fix compilation without LIBXML_HTML_ENABLED (From OE-Core rev: 9e1bcaac1da6907d6664c5628e7c6196cfa5fcc7) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-09-02 18:23:05 +01:00

Author

SHA1

Message

Date

Ross Burton

0542c12e89

libxml2: ignore disputed CVE-2023-45322

This CVE is a use-after-free which theoretically can be an exploit
vector, but this UAF only occurs when malloc() fails.  As it's
unlikely that the user can orchestrate malloc() failures at just the
place to break on _this_ malloc and not others it is disputed that this
is actually a security issue.

The underlying bug has been fixed, and will be incorporated into the
next release.

(From OE-Core rev: 8c70e7cecb1beb30a5be4ea9bbc89c2f2e11853b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2023-11-03 13:49:23 +00:00

Wang Mingyu

c80bd5be88

libxml2: upgrade 2.11.4 -> 2.11.5

Changelog:
==========
### Regressions
---------------
- parser: Make xmlSwitchEncoding always skip the BOM
- autotools: Improve iconv check

### Bug fixes
--------------
- valid: Fix c1->parent pointer in xmlCopyDocElementContent
- encoding: Always call ucnv_convertEx with flush set to false

### Portability
---------------
- autotools: fix Python module file ext for cygwin/msys2

### Tests
----------
- runtest: Fix compilation without LIBXML_HTML_ENABLED

(From OE-Core rev: 9e1bcaac1da6907d6664c5628e7c6196cfa5fcc7)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2023-09-02 18:23:05 +01:00

2 Commits