summaryrefslogtreecommitdiff
path: root/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
AgeCommit message (Collapse)AuthorFiles
2015-04-30libxml2: remove libxml2-CVE-2014-3660.patchRobert Yang1
It is a backport patch, and verified that the patch is in the source. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-10-24libxml2: fix CVE-2014-3660Joe MacDonald1
It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substituton even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2. References: http://www.openwall.com/lists/oss-security/2014/10/17/7 https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-16 07:19:35 +0000