wok-current annotate libxml2/stuff/CVE-2024-25062.patch @ rev 25792
Fix openbox menu, label keymap on lxpanel and add miss it translation for tazpkg
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Tue Oct 07 05:55:24 2025 +0000 (2 weeks ago) |
| parents | |
| children |
| rev | line source |
|---|---|
| shann@25659 | 1 From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 |
| shann@25659 | 2 From: Nick Wellnhofer <wellnhofer@aevum.de> |
| shann@25659 | 3 Date: Sat, 14 Oct 2023 22:45:54 +0200 |
| shann@25659 | 4 Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when |
| shann@25659 | 5 backtracking |
| shann@25659 | 6 |
| shann@25659 | 7 Fixes a use-after-free if XML Reader if used with DTD validation and |
| shann@25659 | 8 XInclude expansion. |
| shann@25659 | 9 |
| shann@25659 | 10 Fixes #604. |
| shann@25659 | 11 |
| shann@25659 | 12 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] |
| shann@25659 | 13 CVE: CVE-2024-25062 |
| shann@25659 | 14 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> |
| shann@25659 | 15 --- |
| shann@25659 | 16 xmlreader.c | 1 + |
| shann@25659 | 17 1 file changed, 1 insertion(+) |
| shann@25659 | 18 |
| shann@25659 | 19 diff --git a/xmlreader.c b/xmlreader.c |
| shann@25659 | 20 index 979385a13..fefd68e0b 100644 |
| shann@25659 | 21 --- a/xmlreader.c |
| shann@25659 | 22 +++ b/xmlreader.c |
| shann@25659 | 23 @@ -1443,6 +1443,7 @@ node_found: |
| shann@25659 | 24 * Handle XInclude if asked for |
| shann@25659 | 25 */ |
| shann@25659 | 26 if ((reader->xinclude) && (reader->in_xinclude == 0) && |
| shann@25659 | 27 + (reader->state != XML_TEXTREADER_BACKTRACK) && |
| shann@25659 | 28 (reader->node != NULL) && |
| shann@25659 | 29 (reader->node->type == XML_ELEMENT_NODE) && |
| shann@25659 | 30 (reader->node->ns != NULL) && |
| shann@25659 | 31 -- |
| shann@25659 | 32 GitLab |
| shann@25659 | 33 |