[OE-core] [dizzy][PATCH] coreutils: Fix CVE-2014-9471

Burton, Ross ross.burton at intel.com
Tue Jan 20 16:00:02 UTC 2015


On 19 January 2015 at 13:57, Maxin B. John <maxin.john at enea.com> wrote:

> On Wed, Jan 07, 2015 at 01:11:43PM +0100, Maxin B. John wrote:
> > Fiedler Roman discovered that coreutils' parse_datetime() function
> > has some flaws that may be exploitable if the date(1), touch(1),
> > or potentially other programs, accept untrusted input for certain
> > parameters. While researching this issue, he discovered that it
> > was independently discovered by Bertrand Jacquin and reported at
> > http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
> >
>

Was this bug still in 8.23 so it needs to be applied to master, or is it
dizzy-specific?

Ross