[OE-core] [PATCH 1/1] patch: fix CVE-2015-1196
Richard Purdie
richard.purdie at linuxfoundation.org
Mon Mar 30 10:14:23 UTC 2015
On Wed, 2015-03-25 at 23:42 -0700, Robert Yang wrote:
> A directory traversal flaw was reported in patch:
>
> References:
> http://www.openwall.com/lists/oss-security/2015/01/18/6
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
> https://bugzilla.redhat.com/show_bug.cgi?id=1182154
>
> [YOCTO #7182]
>
> Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
> ---
> meta/recipes-devtools/patch/patch.inc | 5 +-
This patch shouldn't change the .inc but the versioned .bb file instead,
otherwise non-gplv3 builds fail.
In the interests of expedience, I tweaked the patch to apply to the
versioned .bb file instead and queued it.
Cheers,
Richard
More information about the Openembedded-core
mailing list