sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity
generic-poky/meta
History
Hongxu Jia d2b60efe20 libxml2: Fix CVE-2017-8872 
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"

./configure --disable-shared

make clean all -j

wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc

./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0    #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d)    #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356)    #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504)    #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e)    #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)    #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...

(From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d)

(From OE-Core rev: 1c9d891886f35e6cc4485f244180d7d0ffa82cd3)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 		2017-09-11 22:15:58 +01:00
..
classes package.bbclass: Restore functionality to detect RPM dependencies 2017-08-31 17:57:12 +01:00
conf v86d, qemuboot-x86.inc: use KERNEL_MODULE_AUTOLOAD+KERNEL_MODULE_PROBECONF for uvesafb instead of fbsetup init script 2017-08-29 11:57:28 +01:00
files ext-sdk-prepare.py: use quiet mode when preparing sysroot 2017-04-19 10:38:37 +01:00
lib package.bbclass: Restore functionality to detect RPM dependencies 2017-08-31 17:57:12 +01:00
recipes-bsp gnu-efi: Fix build with gcc7 2017-08-29 11:57:29 +01:00
recipes-connectivity bind: Use correct python interpreter path 2017-08-31 17:57:12 +01:00
recipes-core libxml2: Fix CVE-2017-8872 2017-09-11 22:15:58 +01:00
recipes-devtools e2fsprogs: fix ptest script 2017-09-11 22:15:58 +01:00
recipes-extended ghostscript: CVE-2017-9727, -9835, -11714 2017-09-11 22:15:58 +01:00
recipes-gnome gtk+3: Update the patches to work with old versions of patch 2017-08-31 17:57:11 +01:00
recipes-graphics xserver-xorg: Fix CVE-2017-10971 2017-09-11 22:15:58 +01:00
recipes-kernel systemtap: ensure systemtap-native is available 2017-08-29 11:57:29 +01:00
recipes-lsb4 libpng12: Use rm instead of unlink 2017-03-10 14:50:11 +00:00
recipes-multimedia tiff: Security fixes 2017-09-11 22:15:58 +01:00
recipes-rt meta: remove True option to getVar calls 2016-12-16 10:23:23 +00:00
recipes-sato webkitgtk: Fix build on aarch64 2017-03-17 16:53:05 +00:00
recipes-support taglib: Security fix CVE-2017-12678 2017-09-11 22:15:58 +01:00
site siteinfo.bbclass: Add mipsisa{32, 64}r6{el, } support 2016-10-07 16:43:57 +01:00
COPYING.GPLv2 Fix license notices for OE-Core 2014-01-02 12:58:54 +00:00
COPYING.MIT
recipes.txt qt4: remove recipes and classes 2016-01-07 13:40:14 +00:00