From: jhuang0 <jackie.huang@windriver.com>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] libxml2 CVE-2012-2807
Date: Fri, 21 Jun 2013 10:33:20 +0800 [thread overview]
Message-ID: <51C3BB70.10700@windriver.com> (raw)
In-Reply-To: <1371730296.20823.231.camel@ted>
On 6/20/2013 8:11 PM, Richard Purdie wrote:
> On Thu, 2013-06-20 at 19:09 +0800, jackie.huang@windriver.com wrote:
>> From: Jackie Huang <jackie.huang@windriver.com>
>>
>> Multiple integer overflows in libxml2, as used in Google Chrome
>> before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to
>> cause a denial of service or possibly have unspecified other impact via unknown vectors.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
>>
>> Signed-off-by: Li Wang <li.wang@windriver.com>
>> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
>> ---
>> .../libxml/libxml2/libxml2-fix-CVE-2012-2807.patch | 78 ++++++++++++++++++++
>> meta/recipes-core/libxml/libxml2_2.9.1.bb | 1 +
>> 2 files changed, 79 insertions(+), 0 deletions(-)
>> create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
>>
>> diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
>> new file mode 100644
>> index 0000000..f796ab7
>> --- /dev/null
>> +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix-CVE-2012-2807.patch
>> @@ -0,0 +1,78 @@
>> +Attempt to address libxml crash.
>> +
>> +BUG=129930
>> +Review URL: https://chromiumcodereview.appspot.com/10458051
>> +
>> +https://src.chromium.org/viewvc/chrome?view=rev&revision=142822
>> +
>> +2012-2807
>> +Multiple integer overflows in libxml2, as used in Google Chrome
>> +before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause \
>> +a denial of service or possibly have unspecified other impact via unknown vectors.
>> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
>> +
>> +Signed-off-by: Li Wang <li.wang@windriver.com>
>
> No Upstream-Status field.
Added and sent v2 for it.
Thanks,
jackie
>
> Cheers,
>
> Richard
>
>
>
--
Jackie Huang
WIND RIVER | China Development Center
MSN:jackielily@hotmail.com
Tel: +86 8477 8594
Mobile: +86 138 1027 4745
prev parent reply other threads:[~2013-06-21 2:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-20 11:09 [PATCH] libxml2 CVE-2012-2807 jackie.huang
2013-06-20 12:11 ` Richard Purdie
2013-06-21 2:33 ` jhuang0 [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51C3BB70.10700@windriver.com \
--to=jackie.huang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.