On 5 June 2015 at 09:23, <wenzong....@windriver.com> wrote: > +From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001 > +From: Daniel Veillard <veill...@redhat.com> > +Date: Tue, 14 Apr 2015 17:41:48 +0800 > +Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant > memory > + > +One of the operation on the reader could resolve entities > +leading to the classic expansion issue. Make sure the > +buffer used for xmlreader operation is bounded. > +Introduce a new allocation type for the buffers for this effect. > + > +Upstream-Status: Backport >
No signed-off-by. Ross
-- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
