wok-current view libxml2/stuff/CVE-2024-25062.patch @ rev 25792
Fix openbox menu, label keymap on lxpanel and add missing it translation for tazpkg
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Tue Oct 07 05:55:24 2025 +0000 (2 weeks ago) |
line source
1 From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
2 From: Nick Wellnhofer <wellnhofer@aevum.de>
3 Date: Sat, 14 Oct 2023 22:45:54 +0200
4 Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
5 backtracking
7 Fixes a use-after-free if XML Reader is used with DTD validation and
8 XInclude expansion.
10 Fixes #604.
12 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
13 CVE: CVE-2024-25062
14 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
15 ---
16 xmlreader.c | 1 +
17 1 file changed, 1 insertion(+)
19 diff --git a/xmlreader.c b/xmlreader.c
20 index 979385a13..fefd68e0b 100644
21 --- a/xmlreader.c
22 +++ b/xmlreader.c
23 @@ -1443,6 +1443,7 @@ node_found:
24 * Handle XInclude if asked for
25 */
26 if ((reader->xinclude) && (reader->in_xinclude == 0) &&
27 + (reader->state != XML_TEXTREADER_BACKTRACK) &&
28 (reader->node != NULL) &&
29 (reader->node->type == XML_ELEMENT_NODE) &&
30 (reader->node->ns != NULL) &&
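Review bot: The new `(reader->state != XML_TEXTREADER_BACKTRACK)` test in the XInclude condition under `node_found:` has no explanation in the code. The comment above it still reads only "Handle XInclude if asked for", so a later reader of xmlreader.c cannot tell that this guard prevents a use-after-free and may drop it during a refactor. Extend that comment to say that expansion is skipped while backtracking, and reference issue #604. The diffstat also shows a single insertion in xmlreader.c with no accompanying test, so nothing in this patch exercises the DTD validation plus XInclude combination named in the commit message. A regression case that runs the reader with both options enabled, ideally under a memory-error checker, would keep the fix from silently regressing in later backports.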
31 --
32 GitLab