mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-20 13:27:16 +00:00
6d3c671ef8
Fixes the following security issue: - CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. Upstream bugtracker issue not yet public: https://gitlab.gnome.org/GNOME/libxslt/issues/12 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 73edd3c21c8cd8610ade16f449e7af8fd60b8aa9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>