[oe-commits] Chong Lu : file: CVE-2014-9620 and CVE-2014-9621
git at git.openembedded.org
git at git.openembedded.org
Fri Feb 6 14:57:04 UTC 2015
Module: openembedded-core.git
Branch: daisy
Commit: ee78555fe54e98c6296566b5e701ef268d77db61
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=ee78555fe54e98c6296566b5e701ef268d77db61
Author: Chong Lu <Chong.Lu at windriver.com>
Date: Thu Jan 22 17:28:34 2015 +0800
file: CVE-2014-9620 and CVE-2014-9621
CVE-2014-9620:
Limit the number of ELF notes processed - DoS
CVE-2014-9621:
Limit string printing to 100 chars - DoS
The patch comes from:
https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
[YOCTO #7178]
Signed-off-by: Chong Lu <Chong.Lu at windriver.com>
[sgw - Fixed magic.h.in to match magic.h]
Signed-off-by: Saul Wold <sgw at linux.intel.com>
---
.../file-CVE-2014-9620-and-CVE-2014-9621.patch | 1359 ++++++++++++++++++++
meta/recipes-devtools/file/file_5.16.bb | 1 +
2 files changed, 1360 insertions(+)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=ee78555fe54e98c6296566b5e701ef268d77db61
More information about the Openembedded-commits
mailing list