import UBI libxml2-2.12.5-10.el10_2.1

This commit is contained in:
AlmaLinux RelEng Bot 2026-06-23 20:43:42 -04:00
parent 990c4a0b4b
commit 9b535c23dc
2 changed files with 34 additions and 1 deletions

View File

@ -0,0 +1,28 @@
From 3ad7f81624572ebd5b9e6058c9f67d38207c10e2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 8 May 2024 11:49:31 +0200
Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
Add a missing bounds check.
Fixes #720.
---
xmllint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xmllint.c b/xmllint.c
index b2afbe969..35c328578 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -543,7 +543,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
len = strlen(buffer);
snprintf(&buffer[len], sizeof(buffer) - len, "\n");
cur = input->cur;
- while ((*cur == '\n') || (*cur == '\r'))
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
cur--;
n = 0;
while ((cur != base) && (n++ < 80)) {
--
GitLab

View File

@ -1,6 +1,6 @@
Name: libxml2
Version: 2.12.5
Release: 10%{?dist}
Release: 10%{?dist}.1
Summary: Library providing XML and HTML support
# list.c, dict.c and few others use ISC-Veillard
@ -39,6 +39,8 @@ Patch9: libxml2-2.12.5-CVE-2025-32415.patch
Patch10: libxml2-2.12.5-CVE-2025-32414.patch
# https://issues.redhat.com/browse/RHEL-126768
Patch11: libxml2-2.12.5-xmllint-error-code.patch
# https://redhat.atlassian.net/browse/RHEL-177890
Patch12: libxml2-2.12.5-CVE-2024-34459.patch
BuildRequires: cmake-rpm-macros
BuildRequires: gcc
@ -179,6 +181,9 @@ popd
%{python3_sitelib}/__pycache__/drv_libxml2.*
%changelog
* Mon May 18 2026 David King <dking@redhat.com> - 2.12.5-10.1
- Fix CVE-2024-34459 (RHEL-177890)
* Mon Jan 26 2026 David King <dking@redhat.com> - 2.12.5-10
- Fix xmllint error code (RHEL-126768)