diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2019-07-12 01:03:53 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2019-07-12 01:03:53 +0200 |
| commit | fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd (patch) | |
| tree | afbd3f4f33771c61254b0c3d977092542fbe8009 /gnu/packages/patches/expat-CVE-2018-20843.patch | |
| parent | 1c4b72cb34640638e40c5190676e5c8c352d292d (diff) | |
| parent | 5a836ce38c9c29e9c2bd306007347486b90c5064 (diff) | |
| download | patches-fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd.tar patches-fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd.tar.gz | |
Merge branch 'master' into core-updates
Conflicts:
gnu/local.mk
gnu/packages/python-xyz.scm
gnu/packages/xml.scm
guix/gexp.scm
po/guix/POTFILES.in
Diffstat (limited to 'gnu/packages/patches/expat-CVE-2018-20843.patch')
| -rw-r--r-- | gnu/packages/patches/expat-CVE-2018-20843.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..216fbe9667 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,21 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; |