[OE-core] [dizzy][PATCH] coreutils: Fix CVE-2014-9471
Maxin B. John
maxin.john at enea.com
Tue Jan 20 17:28:26 UTC 2015
Hi Ross,
On Tue, Jan 20, 2015 at 04:00:02PM +0000, Burton, Ross wrote:
>
> On 19 January 2015 at 13:57, Maxin B. John <maxin.john at enea.com> wrote:
>
> On Wed, Jan 07, 2015 at 01:11:43PM +0100, Maxin B. John wrote:
> > Fiedler Roman discovered that coreutils' parse_datetime() function
> > has some flaws that may be exploitable if the date(1), touch(1),
> > or potentially other programs, accept untrusted input for certain
> > parameters. While researching this issue, he discovered that it
> > was independently discovered by Bertrand Jacquin and reported at
> > http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
> >
>
>
> Was this bug still in 8.23 so it needs to be applied to master, or is it
> dizzy-specific?
This bug is already fixed in 8.23. So, we don't have to apply this on
master.
> Ross
Best Regards,
Maxin
More information about the Openembedded-core
mailing list