[OE-core] [PATCH] Bash bug fixes and CVE updates
Mark Hatle
mark.hatle at windriver.com
Fri Oct 3 14:51:24 UTC 2014
Use the official community fixes by patching to the latest patch level.
The key patches for the active CVEs are listed below:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
I am still in the process of validating the before and after behavior of
bash using the ptests, I'll let the list know once the tests have been
completed.
Mark Hatle (1):
bash: Upgrade bash to latest patch level to fix CVEs
.../bash/bash-3.2.48/cve-2014-6271.patch | 77 --------------
.../bash/bash-3.2.48/cve-2014-7169.patch | 16 ---
.../recipes-extended/bash/bash/cve-2014-6271.patch | 114 ---------------------
.../recipes-extended/bash/bash/cve-2014-7169.patch | 16 ---
meta/recipes-extended/bash/bash_3.2.48.bb | 38 ++++---
meta/recipes-extended/bash/bash_4.3.bb | 90 +++++++++++++++-
6 files changed, 112 insertions(+), 239 deletions(-)
delete mode 100644 meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
delete mode 100644 meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
delete mode 100644 meta/recipes-extended/bash/bash/cve-2014-6271.patch
delete mode 100644 meta/recipes-extended/bash/bash/cve-2014-7169.patch
--
1.9.3
More information about the Openembedded-core
mailing list