OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2015-11-22T12:44:47+00:00 2015-11-22T12:44:47+00:00 Danomi Manchego danomimanchego123@gmail.com 2015-11-22T01:38:28+00:00 urn:sha1:08e08586b579d8a339ed6f1e3da01676fa3a7010 - Fixes: - CVE-2015-5312 - Another entity expansion issue - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries - CVE-2015-8242 - Buffer overead with HTML parser in push mode - Incorporates upstreamed patches as well, which also fixed: - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. - CVE-2015-7941 - out-of-bounds memory access. - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections. - CVE-2015-8035 - DoS via crafted xz file. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-17T12:17:48+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2014-10-16T19:02:40+00:00 urn:sha1:841c63ce669d67481450b57f0f99b44c736d97dc Fixes: CVE-2014-3660 - billion laugh variant CVE-2014-0191 - Do not fetch external parameter entities Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>