On Thu, 2013-06-20 at 19:09 +0800, [email protected] wrote: > From: Jackie Huang <[email protected]> > > Multiple integer overflows in libxml2, as used in Google Chrome > before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to > cause a denial of service or possibly have unspecified other impact via > unknown vectors. > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807 > > Signed-off-by: Li Wang <[email protected]> > Signed-off-by: Jackie Huang <[email protected]> > --- > .../libxml/libxml2/libxml2-fix-CVE-2012-2807.patch | 78 > ++++++++++++++++++++ > meta/recipes-core/libxml/libxml2_2.9.1.bb | 1 + > 2 files changed, 79 insertions(+), 0 deletions(-) > create mode 100644 > meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch > > diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch > b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch > new file mode 100644 > index 0000000..f796ab7 > --- /dev/null > +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch > @@ -0,0 +1,78 @@ > +Attempt to address libxml crash. > + > +BUG=129930 > +Review URL: https://chromiumcodereview.appspot.com/10458051 > + > +https://src.chromium.org/viewvc/chrome?view=rev&revision=142822 > + > +2012-2807 > +Multiple integer overflows in libxml2, as used in Google Chrome > +before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to > cause \ > +a denial of service or possibly have unspecified other impact via unknown > vectors. > +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807 > + > +Signed-off-by: Li Wang <[email protected]>
No Upstream-Status field. Cheers, Richard _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
