StarlingX

  1. Bug #1902997
  2. Comment #10

Comment 10 for bug 1902997

Revision history for this message
Michel Thebeau [WIND] (mthebeau) wrote :

Reviewed: https://review.opendev.org/c/starlingx/tools/+/764497
Committed: https://review.opendev.org/plugins/gitiles/starlingx/tools/+/cfe9e78c0b40c582c115bbea2b245ccdb84e5e07
Submitter: Zuul
Branch: r/stx.4.0

commit cfe9e78c0b40c582c115bbea2b245ccdb84e5e07 (starlingx/r/stx.4.0, m/r/stx.4.0)
Author: Michel Thebeau <email address hidden>
Date: Mon Nov 16 16:31:00 2020 -0500

    expat: CVE-2018-20843: XML input leads to high RAM

    Crafted XML input leads to high RAM and CPU.

    Fix is provided by Centos RPMs:
    expat-2.1.0-12.el7.x86_64.rpm
    expat-devel-2.1.0-12.el7.x86_64.rpm

    Test:
    Build. Deploy AIO-SX. Run reproducer.

    Closes-Bug: 1902997
    Change-Id: Ia56722d7c0c71e22139f2b1b8c4d5174b04414fc
    Signed-off-by: Michel Thebeau <email address hidden>