| author | Steve Sakoman <steve@sakoman.com> | 2022-01-19 04:51:17 -1000 | 
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-01-25 12:06:55 +0000 | 
| commit | b618e57f798148c3d032129cf1e60fd209730dfd (patch) | |
| tree | b48f83d0b338c67ef218ffa63a059430d84ef754 /scripts/contrib/convert-srcuri.py | |
| parent | 95491a12eacdd84b113cf11cdc14489564e484d1 (diff) | |
| download | poky-b618e57f798148c3d032129cf1e60fd209730dfd.tar.gz | |
expat: fix CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).

Backport patch from:
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea

CVE: CVE-2021-45960

(From OE-Core rev: 22fe1dea3164a5cd4d5636376f3671641ada1da9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/contrib/convert-srcuri.py')
0 files changed, 0 insertions, 0 deletions
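
The class of bug named in the commit message, as an added example that is not expat's code or the backported patch: a table capacity computed as `1 << power` and multiplied by an element size before `realloc`. The names `struct slot`, `struct table`, `wrapped_bytes`, `checked_bytes` and `table_grow` are hypothetical, and `wrapped_bytes` models 32-bit size arithmetic so the wraparound is visible on any host.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical hash-table slot; fixed-width fields, 12 bytes on any ABI. */
struct slot { uint32_t version, hash, name_off; };

struct table { struct slot *slots; unsigned power; };  /* capacity = 1 << power */

/* Model of the unchecked size computation under 32-bit size arithmetic:
   the byte count wraps modulo 2^32. Only meaningful for power < 32.
   A result of 0 is the "only freeing memory" case, a small nonzero
   result the "allocating too few bytes" case. */
static uint32_t wrapped_bytes(unsigned power, uint32_t elem_size)
{
    return (uint32_t)(((uint64_t)1 << power) * elem_size);
}

/* Checked computation: returns 0 and sets *out on success, -1 if the shift
   is as wide as size_t or the multiplication would wrap. */
static int checked_bytes(unsigned power, size_t elem_size, size_t *out)
{
    if (elem_size == 0 || power >= sizeof(size_t) * CHAR_BIT)
        return -1;
    size_t count = (size_t)1 << power;
    if (count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Grow to 1 << new_power slots; on any failure the old table is untouched. */
static int table_grow(struct table *t, unsigned new_power)
{
    size_t bytes;
    if (new_power <= t->power ||
        checked_bytes(new_power, sizeof *t->slots, &bytes) != 0)
        return -1;
    struct slot *p = realloc(t->slots, bytes);
    if (p == NULL)
        return -1;
    t->slots = p;
    t->power = new_power;
    return 0;
}

int main(void)
{
    printf("power 29, 8-byte slots:  %u bytes\n", (unsigned)wrapped_bytes(29, 8));
    printf("power 29, 12-byte slots: %u bytes\n", (unsigned)wrapped_bytes(29, 12));
    return 0;
}
```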
