[OE-core] [PATCH 0/1] logrotate: fix for CVE-2011-1548
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Tue Jun 18 02:28:49 UTC 2013
From: Wenzong Fan <wenzong.fan at windriver.com>
If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
The following changes since commit 1dd643b142c69ac9035e29bff11d02201638dc65:
licences: Add SGI license (2013-06-17 16:45:37 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/logrotate
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/logrotate
Wenzong Fan (1):
logrotate: fix for CVE-2011-1548
.../logrotate-3.8.1/logrotate-CVE-2011-1548.patch | 43 ++++++++++++++++++++
meta/recipes-extended/logrotate/logrotate_3.8.1.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
--
1.7.9.5
More information about the Openembedded-core
mailing list