wok-current diff libxml2/stuff/CVE-2024-25062.patch @ rev 25792
Fix openbox menu, label keymap on lxpanel and add miss it translation for tazpkg
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Tue Oct 07 05:55:24 2025 +0000 (2 weeks ago) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/libxml2/stuff/CVE-2024-25062.patch Tue Oct 07 05:55:24 2025 +0000 1.3 @@ -0,0 +1,33 @@ 1.4 +From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 1.5 +From: Nick Wellnhofer <wellnhofer@aevum.de> 1.6 +Date: Sat, 14 Oct 2023 22:45:54 +0200 1.7 +Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when 1.8 + backtracking 1.9 + 1.10 +Fixes a use-after-free if XML Reader if used with DTD validation and 1.11 +XInclude expansion. 1.12 + 1.13 +Fixes #604. 1.14 + 1.15 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] 1.16 +CVE: CVE-2024-25062 1.17 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> 1.18 +--- 1.19 + xmlreader.c | 1 + 1.20 + 1 file changed, 1 insertion(+) 1.21 + 1.22 +diff --git a/xmlreader.c b/xmlreader.c 1.23 +index 979385a13..fefd68e0b 100644 1.24 +--- a/xmlreader.c 1.25 ++++ b/xmlreader.c 1.26 +@@ -1443,6 +1443,7 @@ node_found: 1.27 + * Handle XInclude if asked for 1.28 + */ 1.29 + if ((reader->xinclude) && (reader->in_xinclude == 0) && 1.30 ++ (reader->state != XML_TEXTREADER_BACKTRACK) && 1.31 + (reader->node != NULL) && 1.32 + (reader->node->type == XML_ELEMENT_NODE) && 1.33 + (reader->node->ns != NULL) && 1.34 +-- 1.35 +GitLab 1.36 +