diff options
author | Jack Hill <jackhill@jackhill.us> | 2019-07-10 16:23:03 -0400 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2019-07-12 00:39:01 +0200 |
commit | 5a836ce38c9c29e9c2bd306007347486b90c5064 (patch) | |
tree | ebc96aa474b77590be1871d2a75d941513c9b163 /gnu/packages/patches | |
parent | f85c8dd8aec96869d7b56e2e926d2e2e758da1cf (diff) | |
download | guix-5a836ce38c9c29e9c2bd306007347486b90c5064.tar guix-5a836ce38c9c29e9c2bd306007347486b90c5064.tar.gz |
gnu: expat: fix CVE-2018-20843
* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
* gnu/packages/patches/expat-CVE-2018-20843.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patch file.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/expat-CVE-2018-20843.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..216fbe9667 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,21 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; |