[OE-core] [PATCH 1/1] patch: fix CVE-2015-1196

Robert Yang liezhi.yang at windriver.com
Tue Mar 31 01:42:18 UTC 2015



On 03/30/2015 06:14 PM, Richard Purdie wrote:
> On Wed, 2015-03-25 at 23:42 -0700, Robert Yang wrote:
>> A directory traversal flaw was reported in patch:
>>
>> References:
>> http://www.openwall.com/lists/oss-security/2015/01/18/6
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
>> https://bugzilla.redhat.com/show_bug.cgi?id=1182154
>>
>> [YOCTO #7182]
>>
>> Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
>> ---
>>   meta/recipes-devtools/patch/patch.inc              |    5 +-
>
> This patch shouldn't change the .inc but the versioned .bb file instead,
> otherwise non-gplv3 builds fail.
>
> In the interests of expedience, I tweaked the patch to apply to the
> versioned .bb file instead and queued it.

Thank you very much.

// Robert

>
> Cheers,
>
> Richard