Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
python-libxml2-python
libxml2-CVE-2024-25062.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-CVE-2024-25062.patch of Package python-libxml2-python
From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnhofer@aevum.de> Date: Sat, 14 Oct 2023 22:45:54 +0200 Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604. --- xmlreader.c | 1 + 1 file changed, 1 insertion(+) Index: libxml2-2.9.7/xmlreader.c =================================================================== --- libxml2-2.9.7.orig/xmlreader.c +++ libxml2-2.9.7/xmlreader.c @@ -1511,6 +1511,7 @@ node_found: * Handle XInclude if asked for */ if ((reader->xinclude) && (reader->node != NULL) && + (reader->state != XML_TEXTREADER_BACKTRACK) && (reader->node->type == XML_ELEMENT_NODE) && (reader->node->ns != NULL) && ((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor