mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

libxml2: upgrade 2.13.6 -> 2.13.8

Browse Source 
This includes CVE-fix for CVE-2025-32414 and CVE-2025-32415.

Changelog:
===========
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

Regressions

* tree: Fix xmlTextMerge with NULL args
* io: Fix compressed flag for uncompressed stdin
* parser: Fix parsing of DTD content

Security

* [CVE-2025-32415] schemas: Fix heap buffer overflow inxmlSchemaIDCFillNodeTables
* [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver)

(From OE-Core rev: 0b24113405ab0bbb3200bb47fa8ed6abeaa7481b)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Divya Chellam
2025-04-29 11:33:59 +00:00
committed by Richard Purdie
parent 3ebf7d353d
commit 9218ec5b00
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/libxml/libxml2_2.13.6.bb → meta/recipes-core/libxml/libxml2_2.13.8.bb
+1 -1
View File
@@ -19,7 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
file://install-tests.patch \
"
SRC_URI[archive.sha256sum] = "f453480307524968f7a04ec65e64f2a83a825973bcd260a2e7691be82ae70c96"
SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
# Disputed as a security issue, but fixed in d39f780