The code maintainer disputes the CVE as the issue can only be triggered with
untrusted SGML catalogs and it makes absolutely no sense to use untrusted
catalogs.
The issue triggers a crash if an invalid file is provided.
Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
(From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit referencing this CVE from 2.13 branch.
(From OE-Core rev: 061610dfca8a72b71e1baca3ad4aa2c9fb64449b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A NULL pointer dereference vulnerability was found in libxml2 when processing
XPath XML expressions. This flaw allows an attacker to craft a malicious XML
input to libxml2, leading to a denial of service.
(From OE-Core rev: b144c3ef3ba1797d925ea44d9450a6ec0fe32047)
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit from 2.13 branch as 2.12 branch is unmaintained now.
(From OE-Core rev: 2335d4f0d1826647eaee224c469331980fc84ed2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit which has been backported to 2.12 release branch.
(From OE-Core rev: 187052ce4ddd43b46b8335cc955a63ca19ee6994)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
