expat: fix CVE-2022-25313 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-02-28 05:43:58 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-09 17:30:48 +0000
commit	e173db21d0899a5cb185f01f8aaf92156d3e910c (patch)
tree	1698cef9239d34c763761f62a30495148fd1643f /scripts/lib/scriptpath.py
parent	746111afa001dc99c95fc56dc242b5f00a0bc1b9 (diff)
download	poky-e173db21d0899a5cb185f01f8aaf92156d3e910c.tar.gz

expat: fix CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Backport patch from: https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab Also add patch which fixes a regression introduced in the above fix: https://github.com/libexpat/libexpat/pull/566 CVE: CVE-2022-25313 (From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: