openembedded-core.git - Mirror of openembedded-core

diff options

author	Li Wang <li.wang@windriver.com>	2013-01-07 11:10:02 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-01-07 11:31:55 +0000
commit	fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8 (patch)
tree	cd175bd13f18e814f561e1f5c5b7b04563ec04b4 /scripts/oe-git-proxy-command
parent	1f555a6a45eb68011cbe759acf486ac507a6599c (diff)
download	openembedded-core-fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8.tar.gz openembedded-core-fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8.tar.bz2 openembedded-core-fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8.zip

librsvg: CVE-2011-3146

Store node type separately in RsvgNode commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream The node name (formerly RsvgNode:type) cannot be used to infer the sub-type of RsvgNode that we're dealing with, since for unknown elements we put type = node-name. This lead to a (potentially exploitable) crash e.g. when the element name started with "fe" which tricked the old code into considering it as a RsvgFilterPrimitive. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146 https://bugzilla.gnome.org/show_bug.cgi?id=658014 [YOCTO #3581] [ CQID: WIND00376773 ] Upstream-Status: Backport Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/oe-git-proxy-command')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: