File libxml2-CVE-2024-25062.patch of Package python-libxml2-python

From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 14 Oct 2023 22:45:54 +0200
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
 backtracking

Fixes a use-after-free if XML Reader if used with DTD validation and
XInclude expansion.

Fixes #604.
---
 xmlreader.c | 1 +
 1 file changed, 1 insertion(+)

Index: libxml2-2.9.7/xmlreader.c
===================================================================
--- libxml2-2.9.7.orig/xmlreader.c
+++ libxml2-2.9.7/xmlreader.c
@@ -1511,6 +1511,7 @@ node_found:
      * Handle XInclude if asked for
      */
     if ((reader->xinclude) && (reader->node != NULL) &&
+    (reader->state != XML_TEXTREADER_BACKTRACK) &&
 	(reader->node->type == XML_ELEMENT_NODE) &&
 	(reader->node->ns != NULL) &&
 	((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||

Places

File libxml2-CVE-2024-25062.patch of Package python-libxml2-python

Places