[oe-commits] Roy Li : unzip: fix four CVE defects
git at git.openembedded.org
git at git.openembedded.org
Fri Jun 26 13:09:00 UTC 2015
Module: openembedded-core.git
Branch: master-next
Commit: 5e9f29b1c212f7a067772699e7fc9b6e233baa34
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=5e9f29b1c212f7a067772699e7fc9b6e233baa34
Author: Roy Li <rongqing.li at windriver.com>
Date: Tue Jun 23 13:32:06 2015 +0800
unzip: fix four CVE defects
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
Signed-off-by: Roy Li <rongqing.li at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
.../unzip/09-cve-2014-8139-crc-overflow.patch | 52 ++++++++
.../unzip/10-cve-2014-8140-test-compr-eb.patch | 33 +++++
.../unzip/11-cve-2014-8141-getzip64data.patch | 144 +++++++++++++++++++++
.../unzip/12-cve-2014-9636-test-compr-eb.patch | 45 +++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 4 +
5 files changed, 278 insertions(+)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=5e9f29b1c212f7a067772699e7fc9b6e233baa34
More information about the Openembedded-commits
mailing list