[Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2020-7595
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Tue Feb 4 22:20:04 UTC 2020
On Tue, 4 Feb 2020 16:41:47 +0100
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2
> 2.9.10 has an infinite loop in a certain end-of-file situation.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ...e-loop-in-xmlStringLenDecodeEntities.patch | 36 +++++++++++++++++++
> 1 file changed, 36 insertions(+)
> create mode 100644 package/libxml2/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list