--- a/usr/src/lib/libxml2/Makefile.sfw Wed Oct 03 22:16:32 2012 +0100
+++ b/usr/src/lib/libxml2/Makefile.sfw Mon Dec 10 21:03:59 2012 +0000
@@ -130,6 +130,7 @@
(cd $(VER); gpatch -p 1 < ../Patches/CVE-2011-3919.patch)
(cd $(VER); gpatch -p 1 < ../Patches/CVE-2012-0841.patch)
(cd $(VER); gpatch -p 1 < ../Patches/CVE-2011-3102.patch)
+ (cd $(VER); gpatch -p 1 < ../Patches/CVE-2012-5134.patch)
touch $(VER)/configure
$(VER64)/configure: $(VER).tar.gz
@@ -151,6 +152,7 @@
(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2011-3919.patch)
(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2012-0841.patch)
(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2011-3102.patch)
+ (cd $(VER64); gpatch -p 1 < ../Patches/CVE-2012-5134.patch)
touch $(VER64)/configure
clean:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/lib/libxml2/Patches/CVE-2012-5134.patch Mon Dec 10 21:03:59 2012 +0000
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <[email protected]>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+--
+cgit v0.9.0.2