'[OE-core] [PATCH 1/1] patch: fix CVE-2015-1196'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] [PATCH 1/1] patch: fix CVE-2015-1196
From:       liezhi.yang () windriver ! com (Robert Yang)
Date:       2015-03-31 1:42:18
Message-ID: 5519FB7A.40903 () windriver ! com
[Download RAW message or body]



On 03/30/2015 06:14 PM, Richard Purdie wrote:
> On Wed, 2015-03-25 at 23:42 -0700, Robert Yang wrote:
>> A directory traversal flaw was reported in patch:
>>
>> References:
>> http://www.openwall.com/lists/oss-security/2015/01/18/6
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
>> https://bugzilla.redhat.com/show_bug.cgi?id=1182154
>>
>> [YOCTO #7182]
>>
>> Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
>> ---
>>   meta/recipes-devtools/patch/patch.inc              |    5 +-
>
> This patch shouldn't change the .inc but the versioned .bb file instead,
> otherwise non-gplv3 builds fail.
>
> In the interests of expedience, I tweaked the patch to apply to the
> versioned .bb file instead and queued it.

Thank you very much.

// Robert

>
> Cheers,
>
> Richard
>
>
>
>
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic