mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-19 13:49:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,240 Commits 38 Branches 621 Tags
9be12479df7a4e8e1fc5b7ec867bcb7ff82efa5b
Commit Graph

2 Commits

Author SHA1 Message Date
Hongxu Jia
efbd99e462 libxml2: upgrade 2.14.3 -> 2.14.5 
Release notes:

    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5

(From OE-Core rev: b82cb6d55033ffff79b5a767bd50b06989c0acfc)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-07-28 14:51:50 +01:00
hongxu
134890aca0 libxml2: fix CVE-2025-6021 
According to [1]

A flaw was found in libxml2's xmlBuildQName function, where integer overflows
in buffer size calculations can lead to a stack-based buffer overflow. This
issue can result in memory corruption or a denial of service when processing
crafted input.

Refer debian [2], backport a fix [3] from upstream

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6021
[2] https://security-tracker.debian.org/tracker/CVE-2025-6021
[3] acbbeef9f5

(From OE-Core rev: e3a6bf785656243b5adc0775f7480a1eb0e4ae4c)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-06-16 17:57:30 +01:00