[Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2020-7595

Thomas Petazzoni thomas.petazzoni at bootlin.com
Tue Feb 4 22:20:04 UTC 2020


On Tue,  4 Feb 2020 16:41:47 +0100
Peter Korsgaard <peter at korsgaard.com> wrote:

> Fixes CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2
> 2.9.10 has an infinite loop in a certain end-of-file situation.
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  ...e-loop-in-xmlStringLenDecodeEntities.patch | 36 +++++++++++++++++++
>  1 file changed, 36 insertions(+)
>  create mode 100644 package/libxml2/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


