openembedded-core.git/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch, branch thud Mirror of openembedded-core libxml2: refresh CVE-2017-8872 2018-10-04T13:30:40+00:00 Ross Burton ross.burton@intel.com 2018-10-04T09:20:20+00:00 512869aea6dde1bb2374601f7c4d793ac9edaa42 The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch associated with the CVE-2017-8872 report was never merged into
libxml2, but a slightly different patch for the same problem was.  Cherry-pick
that as a backport, which also fixes the failing test suite.

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2017-8872 2018-07-04T23:24:14+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-07-04T01:39:14+00:00 dac867dc63af70ae992c50697d2be95c3e7b58bb The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4
allows attackers to cause a denial of service (buffer over-read) or
information disclosure.

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>