Steve Sakoman b618e57f79 expat: fix CVE-2021-45960 ...

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).

Backport patch from:
0adcb34c49

CVE: CVE-2021-45960
(From OE-Core rev: 22fe1dea3164a5cd4d5636376f3671641ada1da9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-01-25 12:06:55 +00:00

..

classes

cve-check: add lockfile to task

2022-01-22 17:56:52 +00:00

conf

cve-extra-exclusions: add db CVEs to exclusion list

2021-12-14 22:49:22 +00:00

files

common-licenses: add "Unlicense" license file

2021-10-07 15:10:33 +01:00

lib

parselogs: add a couple systemd false positives

2022-01-22 17:56:53 +00:00

recipes-bsp

grub: fix CVE-2020-14372 and CVE-2020-27779

2022-01-11 22:28:38 +00:00

recipes-connectivity

openssl: Add reproducibility fix

2022-01-11 22:28:38 +00:00

recipes-core

expat: fix CVE-2021-45960

2022-01-25 12:06:55 +00:00

recipes-devtools

valgrind: skip flakey ptest (gdbserver_tests/hginfo)

2022-01-22 17:56:52 +00:00

recipes-extended

asciidoc: properly detect and compare Python versions >= 3.10

2022-01-11 22:28:38 +00:00

recipes-gnome

gobject-introspection: Don't write $HOME into scripts

2021-10-23 23:14:17 +01:00

recipes-graphics

xserver-xorg: whitelist two CVEs

2022-01-22 17:56:53 +00:00

recipes-kernel

linux-firmware: upgrade 20211027 -> 20211216

2022-01-11 22:28:38 +00:00

recipes-multimedia

gstreamer1.0: fix failing ptest

2021-12-30 16:59:16 +00:00

recipes-rt

rt-tests: set branch name in SRC_URI

2021-09-10 16:21:36 +01:00

recipes-sato

webkitgtk: Fix reproducibility in minibrowser

2021-11-15 11:53:55 +00:00

recipes-support

libpcre2: update SRC_URI

2022-01-11 22:28:38 +00:00

site

site: Make sys_siglist default to no

2020-10-06 14:15:21 +01:00

COPYING.MIT

…

recipes.txt

Remove LSB support

2019-08-29 14:05:12 +01:00