expat: fix CVE-2022-23852 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-01-31 07:08:36 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-16 09:48:51 +0000
commit	5eab654048d219426f88d20896935454b40c9cf2 (patch)
tree	7f4622f4de4246bd64b00285ed54a11585ba7e3e /scripts/lib/checklayer/context.py
parent	b03d18892cdd59418bebcf9f7f7a3d12815beb76 (diff)
download	poky-5eab654048d219426f88d20896935454b40c9cf2.tar.gz

expat: fix CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 (From OE-Core rev: 37b618d44ebd965ba17bb61ddf6428cdaea876e5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/checklayer/context.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: