From 674bd59d5e357a4aba18c472ac21712a660a84af Mon Sep 17 00:00:00 2001 From: "Maxin B. John" Date: Wed, 7 May 2014 14:24:15 +0200 Subject: libxml2: fix CVE-2014-0191 It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 Signed-off-by: Maxin B. John Signed-off-by: Saul Wold --- meta/recipes-core/libxml/libxml2.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-core/libxml/libxml2.inc') diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 7fb2644416..60bb6b8539 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -18,6 +18,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://ansidecl.patch \ file://runtest.patch \ file://run-ptest \ + file://libxml2-CVE-2014-0191-fix.patch \ " inherit autotools pkgconfig binconfig pythonnative ptest -- cgit v1.2.3