fix CVE-2022-2309

backport-CVE-2022-2309.patch

@@ -0,0 +1,25 @@
+From 5930fe01963136ab92125feec0c6204d9c9225dc Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 18 Jul 2022 20:59:45 +0200
+Subject: [PATCH] Reset nsNr in xmlCtxtReset
+
+---
+ parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d278638d..e660b0a7 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+     ctxt->nameNr = 0;
+     ctxt->name = NULL;
+ 
++    ctxt->nsNr = 0;
++
+     DICT_FREE(ctxt->version);
+     ctxt->version = NULL;
+     DICT_FREE(ctxt->encoding);
+-- 
+2.27.0
+

libxml2.spec

@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 39
+Release: 40
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -135,6 +135,7 @@ Patch122:backport-Always-initialize-SAX1-element-handlers.patch
 Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch
 Patch124:backport-CVE-2023-45322.patch
 Patch125:backport-CVE-2024-25062.patch
+Patch126:backport-CVE-2022-2309.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python2-devel
@@ -326,6 +327,12 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Tue Mar 26 zhuofeng <zhuofeng2@huawei.com> - 2.9.10-40
+- Type:CVE
+- CVE:CVE-2022-2309
+- SUG:NA
+- DESC:fix CVE-2022-2309
+
 * Mon Feb 19 hehuazhen <hehuazhen@huawei.com> - 2.9.10-39
 - Type:CVE
 - CVE:CVE-2024-25062