On Fri, 2024-03-29 at 05:02 +, Meenali Gupta via
lists.openembedded.org wrote:
> +2.40.0
> diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
> b/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
> new file mode 100644
> index 00..8ca364e4eb
> --- /dev/null
>
From: Meenali Gupta
libexpat through 2.5.0 allows a denial of service (resource consumption) because
many full reparsings are required in the case of a large token for which multiple
buffer fills are needed.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52425
Signed-off-by: Meenali
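
A simplified cost model of the behaviour the commit message describes, as an added example that is not part of the original message and is not libexpat code. It counts the bytes a tokenizer scans when it restarts a large unfinished token on every buffer fill, and compares that with a deferred-reparse rule. The function names, the 1 MiB and 1 KiB sizes, and the doubling rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified cost model (not libexpat code): one token of token_len bytes
 * reaches the parser in fills of fill_len bytes. Both functions return the
 * total number of bytes the tokenizer scans before the token is complete. */

static size_t next_fill(size_t token_len, size_t buffered, size_t fill_len) {
    size_t left = token_len - buffered;
    return left < fill_len ? left : fill_len;
}

/* Every fill restarts scanning at the first byte of the unfinished token. */
unsigned long long scanned_reparse_every_fill(size_t token_len, size_t fill_len) {
    unsigned long long scanned = 0;
    size_t buffered = 0;
    if (fill_len == 0) return 0;          /* no data ever arrives */
    while (buffered < token_len) {
        buffered += next_fill(token_len, buffered, fill_len);
        scanned += buffered;              /* full rescan of the partial token */
    }
    return scanned;
}

/* Assumed mitigation: rescan only once the buffered data has at least doubled
 * since the last attempt, or on the fill that completes the token (treated
 * here as the final buffer). */
unsigned long long scanned_deferred(size_t token_len, size_t fill_len) {
    unsigned long long scanned = 0;
    size_t buffered = 0, last_try = 0;
    if (fill_len == 0) return 0;
    while (buffered < token_len) {
        buffered += next_fill(token_len, buffered, fill_len);
        if (buffered == token_len || buffered >= 2 * last_try) {
            scanned += buffered;
            last_try = buffered;
        }
    }
    return scanned;
}

int main(void) {
    size_t token = 1u << 20, fill = 1u << 10;   /* constructed sizes: 1 MiB, 1 KiB */
    printf("reparse every fill: %llu bytes scanned\n",
           scanned_reparse_every_fill(token, fill));
    printf("deferred reparse:   %llu bytes scanned\n",
           scanned_deferred(token, fill));
    return 0;
}
```

The first count grows with the square of the number of fills, while the second stays within a small constant factor of the token size.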