wok-current diff libxml2/stuff/CVE-2024-34459.patch @ rev 25792
Fix openbox menu, label keymap on lxpanel and add miss it translation for tazpkg
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Tue Oct 07 05:55:24 2025 +0000 (2 weeks ago) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/libxml2/stuff/CVE-2024-34459.patch Tue Oct 07 05:55:24 2025 +0000 1.3 @@ -0,0 +1,25 @@ 1.4 +From 8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 Mon Sep 17 00:00:00 2001 1.5 +From: Nick Wellnhofer <wellnhofer@aevum.de> 1.6 +Date: Wed, 8 May 2024 11:49:31 +0200 1.7 +Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` 1.8 + 1.9 +Add a missing bounds check. 1.10 +--- 1.11 + xmllint.c | 2 +- 1.12 + 1 file changed, 1 insertion(+), 1 deletion(-) 1.13 + 1.14 +diff --git a/xmllint.c b/xmllint.c 1.15 +index 0e433b721..62f6b0273 100644 1.16 +--- a/xmllint.c 1.17 ++++ b/xmllint.c 1.18 +@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { 1.19 + len = strlen(buffer); 1.20 + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); 1.21 + cur = input->cur; 1.22 +- while ((*cur == '\n') || (*cur == '\r')) 1.23 ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) 1.24 + cur--; 1.25 + n = 0; 1.26 + while ((cur != base) && (n++ < 80)) { 1.27 +-- 1.28 +GitLab