libyaml: add fix for CVE-2014-2525 Security Advisory
authorKang Kai <kai.kang@windriver.com>
Wed, 29 Oct 2014 00:30:59 +0000 (08:30 +0800)
committerPatrick Ohly <patrick.ohly@intel.com>
Fri, 9 Jan 2015 17:19:17 +0000 (09:19 -0800)
commitb53878276c9089e3e19a81036af138b599c592b1
tree39c1ff5b7a3c3f1f93a402ebdfb39924c3a04039
parent8f9e56ed77b6b18f8fa64cec103a99928cd75319
libyaml: add fix for CVE-2014-2525 Security Advisory

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
in LibYAML before 0.1.6 allows context-dependent attackers to execute
arbitrary code via a long sequence of percent-encoded characters in a
URI in a YAML file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525

(From meta-openembedded rev: f58ee5acdd436f822c42bed063a319f926854f7d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
meta-openembedded/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch [new file with mode: 0644]
meta-openembedded/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb