We have some news to share for the request index beta feature. We’ve added more options to sort your requests, counters to the individual filters and documentation for the search functionality. Checkout the blog post for more details.

Overview

File libxml2-CVE-2022-49043.patch of Package libxml2.42447

From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 2 Nov 2022 16:13:27 +0100
Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode

Found with libFuzzer, see #344.
---
 xinclude.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Index: libxml2-2.9.7/xinclude.c
===================================================================
--- libxml2-2.9.7.orig/xinclude.c
+++ libxml2-2.9.7/xinclude.c
@@ -605,14 +605,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ct
     }
     URL = xmlSaveUri(uri);
     xmlFreeURI(uri);
-    xmlFree(URI);
     if (URL == NULL) {
 	xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
 	               "invalid value URI %s\n", URI);
 	if (fragment != NULL)
 	    xmlFree(fragment);
+        xmlFree(URI);
 	return(-1);
     }
+    xmlFree(URI);
 
     /*
      * If local and xml then we need a fragment
openSUSE Build Service is sponsored by
Places