Perl interface to the libxml2 library
Go to file
RHEL Packaging Agent 7cff283a57 Fix CVE-2026-8177: out-of-bounds UTF-8 heap read in perl-XML-LibXML
Backport upstream commit 059abf5f9336e to fix CVE-2026-8177,
an out-of-bounds heap read caused by the hand-rolled UTF-8
parser in domParseChar(). The patch removes domParseChar()
from dom.c/dom.h and replaces the custom name validation in
LibXML_test_node_name() (LibXML.xs) with libxml2's
xmlValidateName(), which correctly handles truncated and
malformed UTF-8 sequences. A new regression test
(t/48_security_oob_utf8_gh146.t) with 65 test cases is
included to verify the fix across multiple DOM entry points.

CVE: CVE-2026-8177
Upstream patches:
 - 059abf5f93.patch
Resolves: RHEL-186519

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-23 06:48:19 +00:00
.gitignore re-import sources as agreed with the maintainer 2023-06-30 07:33:29 +02:00
perl-XML-LibXML-2.0132-CVE-2026-8177.patch Fix CVE-2026-8177: out-of-bounds UTF-8 heap read in perl-XML-LibXML 2026-06-23 06:48:19 +00:00
perl-XML-LibXML.spec Fix CVE-2026-8177: out-of-bounds UTF-8 heap read in perl-XML-LibXML 2026-06-23 06:48:19 +00:00
sources Import rpm: c8s 2023-02-27 14:57:46 -05:00