Re: [PATCH] libxml2 CVE-2012-2871

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saul Wold <sgw@linux.intel.com>
To: Li Wang <li.wang@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] libxml2 CVE-2012-2871
Date: Mon, 17 Dec 2012 10:09:25 -0800	[thread overview]
Message-ID: <50CF5FD5.2000003@linux.intel.com> (raw)
In-Reply-To: <1355378061-7514-1-git-send-email-li.wang@windriver.com>


Li,

All your recent CVE patches are missing Upsteam-Status: Backport in the 
patch header, please add that and send V2's!

Thanks
	Sau!


On 12/12/2012 09:54 PM, Li Wang wrote:
> the patch come from:
> http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
> /include/libxml/tree.h?r1=56276&r2=149930
>
> libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
> does not properly support a cast of an unspecified variable during handling
> of XSL transforms, which allows remote attackers to cause a denial of service
> or possibly have unknown other impact via a crafted document, related to the
> _xmlNs data structure in include/libxml/tree.h.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
>
> [YOCTO #3580]
> [ CQID: WIND00376779 ]
> Upstream-Status: Pending
>
> Signed-off-by: Li Wang <li.wang@windriver.com>
> ---
>   .../libxml/libxml2/libxml2-CVE-2012-2871.patch     | 34 ++++++++++++++++++++++
>   meta/recipes-core/libxml/libxml2_2.9.0.bb          |  5 +++-
>   2 files changed, 38 insertions(+), 1 deletion(-)
>   create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch
>
> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch
> new file mode 100644
> index 0000000..3c66a9c
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch
> @@ -0,0 +1,34 @@
> +libxml2 CVE-2012-2871
> +
> +the patch come from:
> +http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
> +/include/libxml/tree.h?r1=56276&r2=149930
> +
> +libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
> +does not properly support a cast of an unspecified variable during handling
> +of XSL transforms, which allows remote attackers to cause a denial of service
> +or possibly have unknown other impact via a crafted document, related to the
> +_xmlNs data structure in include/libxml/tree.h.
> +
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
> +
> +Signed-off-by: Li Wang <li.wang@windriver.com>
> +---
> + include/libxml/tree.h |    1 +
> + 1 files changed, 1 insertions(+), 0 deletions(-)
> +
> +diff --git a/include/libxml/tree.h b/include/libxml/tree.h
> +index b733589..5422dda 100644
> +--- a/include/libxml/tree.h
> ++++ b/include/libxml/tree.h
> +@@ -351,6 +351,7 @@ struct _xmlNs {
> +     struct _xmlNs  *next;	/* next Ns link for this node  */
> +     xmlNsType      type;	/* global or local */
> +     const xmlChar *href;	/* URL for the namespace */
> ++    const char *dummy_children;	/* lines up with node->children */
> +     const xmlChar *prefix;	/* prefix for the namespace */
> +     void           *_private;   /* application data */
> +     struct _xmlDoc *context;		/* normally an xmlDoc */
> +--
> +1.7.0.5
> +
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.0.bb b/meta/recipes-core/libxml/libxml2_2.9.0.bb
> index a022ae9..ecc19fb 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.0.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.9.0.bb
> @@ -1,6 +1,9 @@
>   require libxml2.inc
>
> -PR = "${INC_PR}.0"
> +PR = "${INC_PR}.1"
>
>   SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7"
>   SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82"
> +
> +SRC_URI += "file://libxml2-CVE-2012-2871.patch \
> +	   "
>

next prev parent reply	other threads:[~2012-12-17 18:24 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-13  5:54 [PATCH] libxml2 CVE-2012-2871 Li Wang
2012-12-17 18:09 ` Saul Wold [this message]
2012-12-17 18:20   ` Saul Wold

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50CF5FD5.2000003@linux.intel.com \
    --to=sgw@linux.intel.com \
    --cc=li.wang@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.