Diffstat (limited to 'main/libxml2')
-rw-r--r-- | main/libxml2/APKBUILD | 6 | ||||
-rw-r--r-- | main/libxml2/CVE-2012-5134.patch | 21 |
2 files changed, 25 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index f9f52acdfbd..01959c31967 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter at gmail>
 pkgname=libxml2
 pkgver=2.7.8
-pkgrel=4
+pkgrel=5
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -25,6 +25,7 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
 libxml2-2.7.8-entities-local-buffers-size.patch
 libxml2-2.7.8-entities-local-buffers-size2.patch
 libxml2-2.7.8-parser-local-buffers-size.patch
+ CVE-2012-5134.patch
 "
 options="!strip"
@@ -78,4 +79,5 @@ d1eff47d3bc99b38a09744345eaf3434 libxml2-2.7.8-xpath-freeing2.patch
 de02f584b928d3e25babc5c90aa800be libxml2-2.7.8-allocation-error-copying-entities.patch
 c8c789a4fbdae599a47ecbfa32b889d7 libxml2-2.7.8-entities-local-buffers-size.patch
 cba1201e77dc0f3e337d9ff146a2666e libxml2-2.7.8-entities-local-buffers-size2.patch
-6c5c7a125dddb616feb1b2f4254bf467 libxml2-2.7.8-parser-local-buffers-size.patch"
+6c5c7a125dddb616feb1b2f4254bf467 libxml2-2.7.8-parser-local-buffers-size.patch
+fe428448d74481d7547bc173cb40ef26 CVE-2012-5134.patch"
diff --git a/main/libxml2/CVE-2012-5134.patch b/main/libxml2/CVE-2012-5134.patch
new file mode 100644
index 00000000000..70905aaa759
--- /dev/null
+++ b/main/libxml2/CVE-2012-5134.patch
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+-- 