Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libxml2.32555
libxml2-CVE-2024-25062.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-CVE-2024-25062.patch of Package libxml2.32555
From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnhofer@aevum.de> Date: Sat, 14 Oct 2023 22:45:54 +0200 Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604. --- xmlreader.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xmlreader.c b/xmlreader.c index 3bdb8228..6486c7da 100644 --- a/xmlreader.c +++ b/xmlreader.c @@ -1428,6 +1428,7 @@ node_found: * Handle XInclude if asked for */ if ((reader->xinclude) && (reader->in_xinclude == 0) && + (reader->state != XML_TEXTREADER_BACKTRACK) && (reader->node != NULL) && (reader->node->type == XML_ELEMENT_NODE) && (reader->node->ns != NULL) && -- GitLab
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor