openembedded-core.git - Mirror of openembedded-core

diff options

author	Maxin B. John <maxin.john@enea.com>	2014-05-07 14:24:15 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-29 13:42:07 +0100
commit	51f674ab1f7dac049060c58f89e84c5d1275a87b (patch)
tree	a2dc1a1d04bff62dd280c9b53f554ca7edfa63c3 /scripts/tiny/ksize.py
parent	f1f97c61281158432a98279a2f7b4931173f406e (diff)
download	openembedded-core-51f674ab1f7dac049060c58f89e84c5d1275a87b.tar.gz openembedded-core-51f674ab1f7dac049060c58f89e84c5d1275a87b.tar.bz2 openembedded-core-51f674ab1f7dac049060c58f89e84c5d1275a87b.zip

libxml2: fix CVE-2014-0191

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/tiny/ksize.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: