Commit Graph

5 Commits

Author SHA1 Message Date
Jitka Plesníková
c5c1eb9c3e Add gating configuration 2026-06-23 12:25:57 +02:00
RHEL Packaging Agent
7cff283a57 Fix CVE-2026-8177: out-of-bounds UTF-8 heap read in perl-XML-LibXML
Backport upstream commit 059abf5f9336e to fix CVE-2026-8177,
an out-of-bounds heap read caused by the hand-rolled UTF-8
parser in domParseChar(). The patch removes domParseChar()
from dom.c/dom.h and replaces the custom name validation in
LibXML_test_node_name() (LibXML.xs) with libxml2's
xmlValidateName(), which correctly handles truncated and
malformed UTF-8 sequences. A new regression test
(t/48_security_oob_utf8_gh146.t) with 65 test cases is
included to verify the fix across multiple DOM entry points.

CVE: CVE-2026-8177
Upstream patches:
 - 059abf5f93.patch
Resolves: RHEL-186519

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-23 06:48:19 +00:00
Adam Samalik
45ddd8fbcf re-import sources as agreed with the maintainer 2023-06-30 07:33:29 +02:00
James Antill
a3a34acb9b Import rpm: c8s 2023-02-27 14:57:46 -05:00
James Antill
82388e751c Initial c8s branch. 2022-05-26 13:16:00 -04:00