Commit Graph

1 Commits

Author SHA1 Message Date
RHEL Packaging Agent
79a011bc91 Fix CVE-2025-9714: XPath depth check with recursive invocations
The patch fixes XPath depth check to work properly with recursive
invocations. EXSLT functions like dyn:map or dyn:evaluate invoke
xmlXPathRunEval recursively, which could lead to stack overflows.
The fix keeps and restores the original depth value instead of
resetting it to zero.

CVE: CVE-2025-9714
Upstream fix: 677a42645e.patch
Resolves: RHEL-119283

This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Jotnar
2025-11-04 09:40:07 +00:00
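The failure mode described in the commit message, as an added toy model. It is not libxml2 code and not the referenced patch. The names `run_eval`, `eval_step`, `peak_frames` and the limit `MAX_DEPTH` are hypothetical. It compares an evaluator entry point that resets the depth counter to zero on every entry with one that keeps and restores the caller's value, and measures how deep the real call nesting gets in each case.

```c
#include <stdio.h>

#define MAX_DEPTH 50   /* constructed limit for this model, not libxml2's value */

struct ctx { int depth; int frames; int peak; };  /* frames/peak: instrumentation only */

static int run_eval(struct ctx *c, int nested, int restore);

/* One evaluation step: enforce the limit, then re-enter the evaluator the
 * way an extension function evaluating a nested expression would. */
static int eval_step(struct ctx *c, int nested, int restore) {
    int rc = 0;
    if (c->depth >= MAX_DEPTH)
        return -1;                      /* recursion limit exceeded */
    c->depth++;
    if (++c->frames > c->peak)
        c->peak = c->frames;            /* track true nesting of the C stack */
    if (nested > 0)
        rc = run_eval(c, nested - 1, restore);
    c->frames--;
    c->depth--;
    return rc;
}

/* Evaluator entry point. restore=0 models the reset-to-zero behaviour,
 * restore=1 models keeping and restoring the caller's depth. */
static int run_eval(struct ctx *c, int nested, int restore) {
    int old_depth = c->depth;
    int rc;
    if (!restore)
        c->depth = 0;                   /* forgets how deep the caller already is */
    rc = eval_step(c, nested, restore);
    if (restore)
        c->depth = old_depth;           /* consistent value even after an error return */
    return rc;
}

/* Runs `nested` re-entrant evaluations; returns peak real nesting, status via rc. */
int peak_frames(int nested, int restore, int *rc) {
    struct ctx c = {0, 0, 0};
    *rc = run_eval(&c, nested, restore);
    return c.peak;
}

int main(void) {
    int rc0, rc1;
    int p0 = peak_frames(1000, 0, &rc0), p1 = peak_frames(1000, 1, &rc1);
    printf("reset: rc=%d peak=%d; restore: rc=%d peak=%d\n", rc0, p0, rc1, p1);
    return 0;
}
```

With the reset, the limit check never fires and the nesting grows with the input; with save and restore, evaluation stops with an error once `MAX_DEPTH` is reached.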