import UBI libxml2-2.9.13-14.el9_8.1

This commit is contained in:
AlmaLinux RelEng Bot 2026-06-24 19:10:49 -04:00
parent 8ae3c533fb
commit a5110e772b
2 changed files with 32 additions and 1 deletions

View File

@ -0,0 +1,26 @@
From 8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 8 May 2024 11:49:31 +0200
Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
Add a missing bounds check.
---
xmllint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xmllint.c b/xmllint.c
index 0e433b721..62f6b0273 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
len = strlen(buffer);
snprintf(&buffer[len], sizeof(buffer) - len, "\n");
cur = input->cur;
- while ((*cur == '\n') || (*cur == '\r'))
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
cur--;
n = 0;
while ((cur != base) && (n++ < 80)) {
--
GitLab

View File

@ -1,6 +1,6 @@
Name: libxml2
Version: 2.9.13
Release: 14%{?dist}
Release: 14%{?dist}.1
Summary: Library providing XML and HTML support
License: MIT
@ -43,6 +43,8 @@ Patch16: libxml2-2.12.5-CVE-2025-32415.patch
Patch17: libxml2-2.9.13-CVE-2025-32414.patch
# https://issues.redhat.com/browse/RHEL-119283
Patch18: RHEL-119283.patch
# https://redhat.atlassian.net/browse/RHEL-177882
Patch19: libxml2-2.9.13-CVE-2024-34459.patch
BuildRequires: cmake-rpm-macros
BuildRequires: gcc
@ -171,6 +173,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
%{python3_sitearch}/libxml2mod.so
%changelog
* Mon May 18 2026 David King <dking@redhat.com> - 2.9.13-14.1
- Fix CVE-2024-34459 (RHEL-177882)
* Tue Nov 13 2025 Laura Barcziova <lbarczio@redhat.com> - 2.9.13-14
- Rebuilt for the correct target in RHEL (9.7-z) (RHEL-119283)