[Buildroot] [PATCH] package/libxslt: add upstream security fix for CVE-2019-11068
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Apr 24 19:20:02 UTC 2019
On Wed, 24 Apr 2019 15:37:18 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes the following security issue:
>
> - CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection
> mechanism because callers of xsltCheckRead and xsltCheckWrite permit
> access even upon receiving a -1 error code. xsltCheckRead can return -1
> for a crafted URL that is not actually invalid and is subsequently loaded.
>
> Upstream bugtracker issue not yet public:
> https://gitlab.gnome.org/GNOME/libxslt/issues/12
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> .../0001-Fix-security-framework-bypass.patch | 122 +++++++++++++++++++++
> 1 file changed, 122 insertions(+)
> create mode 100644 package/libxslt/0001-Fix-security-framework-bypass.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
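The caller-side pattern behind the quoted CVE description, as an added example that is not code from libxslt or from the Buildroot patch: a check that can return -1, a caller that only refuses on 0, and a caller that refuses on anything but a positive result. The names `check_read`, `load_fail_open` and `load_fail_closed`, the 1/0/-1 convention and the conditions that produce -1 are assumptions made for illustration, not the behaviour of xsltCheckRead.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy check (assumed convention): 1 = allowed, 0 = denied,
 * -1 = the check itself failed and produced no verdict. */
static int check_read(const char *url)
{
    char scheme[8];
    const char *sep = strstr(url, "://");

    if (sep == NULL || sep == url || (size_t)(sep - url) >= sizeof(scheme))
        return -1;                      /* could not parse: error, not a verdict */
    memcpy(scheme, url, (size_t)(sep - url));
    scheme[sep - url] = '\0';
    if (strcmp(scheme, "file") != 0)
        return 0;                       /* policy: only file:// is permitted */
    /* Simplified prefix test: 1 only inside the allowed tree. */
    return strncmp(sep + 3, "/srv/xsl/", 9) == 0;
}

/* Fail-open caller: only an explicit 0 blocks the load, so -1 falls through. */
static int load_fail_open(const char *url)
{
    int ret = check_read(url);
    if (ret == 0)
        return 0;   /* refused */
    return 1;       /* loaded; also reached when ret == -1 */
}

/* Fail-closed caller: anything other than a positive "allowed" is refused. */
static int load_fail_closed(const char *url)
{
    int ret = check_read(url);
    if (ret <= 0)
        return 0;   /* refused on denial and on error */
    return 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *urls[] = { "file:///srv/xsl/a.xsl", "file:///tmp/other.xsl",
                           "averylongscheme://x", "no-separator" };
    for (size_t i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-24s check=%2d open=%d closed=%d\n", urls[i],
               check_read(urls[i]), load_fail_open(urls[i]),
               load_fail_closed(urls[i]));
    return 0;
}
```

The two callers agree on every input for which the check returns 0 or 1; they differ only on the -1 rows, which is where the fail-open caller grants access.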