[Buildroot] [PATCH] expat: add fix for CVE-2016-0718
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Sun May 22 21:06:58 UTC 2016
Hello,
On Thu, 19 May 2016 09:33:54 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2016-0718 - The Expat XML parser mishandles certain kinds of
> malformed input documents, resulting in buffer overflows during
> processing and error reporting. The overflows can manifest as a
> segmentation fault or as memory corruption during a parse operation. The
> bugs allow for a denial of service attack in many applications by an
> unauthenticated attacker, and could conceivably result in remote code
> execution.
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
> package/expat/0001-fix-CVE-2016-0718.patch | 757 +++++++++++++++++++++++++++++
> 1 file changed, 757 insertions(+)
> create mode 100644 package/expat/0001-fix-CVE-2016-0718.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list