* [Buildroot] [PATCH] libxml2: add security fix
@ 2018-02-09 9:07 Baruch Siach
2018-02-10 9:14 ` Thomas Petazzoni
2018-04-10 20:44 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2018-02-09 9:07 UTC (permalink / raw)
To: buildroot
CVE-2017-8872: An attackers can cause a denial of service (buffer
over-read) or information disclosure.
Patch from the upstream bug tracker.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libxml2/0001-CVE-2017-8872.patch | 33 ++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 package/libxml2/0001-CVE-2017-8872.patch
diff --git a/package/libxml2/0001-CVE-2017-8872.patch b/package/libxml2/0001-CVE-2017-8872.patch
new file mode 100644
index 000000000000..b7a75c19a74f
--- /dev/null
+++ b/package/libxml2/0001-CVE-2017-8872.patch
@@ -0,0 +1,33 @@
+From 8b329effb610f4138e4e680f6a6867570f6d6179 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Fri, 9 Feb 2018 10:58:11 +0200
+Subject: [PATCH] CVE-2017-8872
+
+Taken from attachment to upstream bug report comment #9.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200#c9
+https://bugzilla.gnome.org/attachment.cgi?id=366193&action=diff
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 1c5e036ea265..025111067ae8 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12467,6 +12467,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ ctxt->input->cur = BAD_CAST"";
+ ctxt->input->base = ctxt->input->cur;
+ ctxt->input->end = ctxt->input->cur;
++ if (ctxt->input->buf)
++ xmlBufEmpty (ctxt->input->buf->buffer);
++ else
++ ctxt->input->length = 0;
+ }
+ }
+
+--
+2.15.1
+
--
2.15.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libxml2: add security fix
2018-02-09 9:07 [Buildroot] [PATCH] libxml2: add security fix Baruch Siach
@ 2018-02-10 9:14 ` Thomas Petazzoni
2018-04-10 20:44 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2018-02-10 9:14 UTC (permalink / raw)
To: buildroot
Hello,
On Fri, 9 Feb 2018 11:07:58 +0200, Baruch Siach wrote:
> CVE-2017-8872: An attackers can cause a denial of service (buffer
> over-read) or information disclosure.
>
> Patch from the upstream bug tracker.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> package/libxml2/0001-CVE-2017-8872.patch | 33 ++++++++++++++++++++++++++++++++
> 1 file changed, 33 insertions(+)
> create mode 100644 package/libxml2/0001-CVE-2017-8872.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libxml2: add security fix
2018-02-09 9:07 [Buildroot] [PATCH] libxml2: add security fix Baruch Siach
2018-02-10 9:14 ` Thomas Petazzoni
@ 2018-04-10 20:44 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-04-10 20:44 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> CVE-2017-8872: An attackers can cause a denial of service (buffer
> over-read) or information disclosure.
> Patch from the upstream bug tracker.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-10 20:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-09 9:07 [Buildroot] [PATCH] libxml2: add security fix Baruch Siach
2018-02-10 9:14 ` Thomas Petazzoni
2018-04-10 20:44 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.