import UBI libxml2-2.9.13-6.el9_4
This commit is contained in:
parent
54994d265a
commit
2d352ebae8
29
SOURCES/libxml2-2.11.6-CVE-2024-25062.patch
Normal file
29
SOURCES/libxml2-2.11.6-CVE-2024-25062.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||||
|
Date: Sat, 14 Oct 2023 22:45:54 +0200
|
||||||
|
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
|
||||||
|
backtracking
|
||||||
|
|
||||||
|
Fixes a use-after-free if XML Reader if used with DTD validation and
|
||||||
|
XInclude expansion.
|
||||||
|
|
||||||
|
Fixes #604.
|
||||||
|
---
|
||||||
|
xmlreader.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/xmlreader.c b/xmlreader.c
|
||||||
|
index 979385a13..fefd68e0b 100644
|
||||||
|
--- a/xmlreader.c
|
||||||
|
+++ b/xmlreader.c
|
||||||
|
@@ -1443,6 +1443,7 @@ node_found:
|
||||||
|
* Handle XInclude if asked for
|
||||||
|
*/
|
||||||
|
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
|
||||||
|
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
|
||||||
|
(reader->node != NULL) &&
|
||||||
|
(reader->node->type == XML_ELEMENT_NODE) &&
|
||||||
|
(reader->node->ns != NULL) &&
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: libxml2
|
Name: libxml2
|
||||||
Version: 2.9.13
|
Version: 2.9.13
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Summary: Library providing XML and HTML support
|
Summary: Library providing XML and HTML support
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -22,6 +22,8 @@ Patch6: libxml2-2.9.13-CVE-2023-28484.2.patch
|
|||||||
Patch7: libxml2-2.9.13-CVE-2023-29469.patch
|
Patch7: libxml2-2.9.13-CVE-2023-29469.patch
|
||||||
# https://issues.redhat.com/browse/RHEL-5180
|
# https://issues.redhat.com/browse/RHEL-5180
|
||||||
Patch8: libxml2-2.11.0-fix-CVE-2023-39615.patch
|
Patch8: libxml2-2.11.0-fix-CVE-2023-39615.patch
|
||||||
|
# https://issues.redhat.com/browse/RHEL-34457
|
||||||
|
Patch9: libxml2-2.11.6-CVE-2024-25062.patch
|
||||||
|
|
||||||
BuildRequires: cmake-rpm-macros
|
BuildRequires: cmake-rpm-macros
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -150,6 +152,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
|
|||||||
%{python3_sitearch}/libxml2mod.so
|
%{python3_sitearch}/libxml2mod.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 29 2024 David King <amigadave@amigadave.com> - 2.9.13-6
|
||||||
|
- Fix CVE-2024-25062 (RHEL-29196)
|
||||||
|
|
||||||
* Thu Sep 14 2023 David King <amigadave@amigadave.com> - 2.9.13-5
|
* Thu Sep 14 2023 David King <amigadave@amigadave.com> - 2.9.13-5
|
||||||
- Fix CVE-2023-39615 (RHEL-5180)
|
- Fix CVE-2023-39615 (RHEL-5180)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user