[oe-commits] [openembedded-core] 24/25: patch: the CVE-2019-13638 fix also handles CVE-2018-20969
git at git.openembedded.org
git at git.openembedded.org
Mon Nov 18 14:48:32 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch warrior
in repository openembedded-core.
commit fec797a6ae981efa81896fd915933621699bca4e
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Mon Nov 4 12:27:13 2019 +0000
patch: the CVE-2019-13638 fix also handles CVE-2018-20969
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
index f60dfe8..d13d419 100644
--- a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
+++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -6,8 +6,8 @@ Subject: [PATCH] Invoke ed directly instead of using the shell
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
-CVE: CVE-2019-13638
-Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+CVE: CVE-2019-13638 CVE-2018-20969
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
---
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list