[OE-core] [master][PATCH] libbsd: Security fix and update 0.8.2

Armin Kuster akuster808 at gmail.com
Wed Feb 10 22:18:24 UTC 2016


From: Armin Kuster <akuster at mvista.com>

This update includes:
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd

libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.

Upstream has released version 0.8.2 to fix this.

Signed-off-by: Armin Kuster <akuster at mvista.com>
---
 meta/recipes-support/libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} (91%)

diff --git a/meta/recipes-support/libbsd/libbsd_0.8.1.bb b/meta/recipes-support/libbsd/libbsd_0.8.2.bb
similarity index 91%
rename from meta/recipes-support/libbsd/libbsd_0.8.1.bb
rename to meta/recipes-support/libbsd/libbsd_0.8.2.bb
index 45420d5..3335386 100644
--- a/meta/recipes-support/libbsd/libbsd_0.8.1.bb
+++ b/meta/recipes-support/libbsd/libbsd_0.8.2.bb
@@ -37,7 +37,7 @@ SRC_URI = " \
     http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
 "
 
-SRC_URI[md5sum] = "f3daff0283af6e30f25d68be2deac4ef"
-SRC_URI[sha256sum] = "adbc8781ad720bce939b689f38a9f0247732a36792147a7c28027c393c2af9b0"
+SRC_URI[md5sum] = "cdee252ccff978b50ad2336278c506c9"
+SRC_URI[sha256sum] = "b2f644cae94a6e2fe109449c20ad79a0f6ee4faec2205b07eefa0020565e250a"
 
 inherit autotools pkgconfig
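Review bot: The new `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` values are the only integrity control on this download, because the context line above them still fetches the tarball over plain `http://`. Since this bump is the delivery vehicle for the CVE-2016-2090 fix, please say in the commit message how the 0.8.2 checksums were verified (for example, against a signature or announcement published by upstream rather than a hash computed from the same unauthenticated download). If the release host serves the file over https, switching the URL scheme in the same change would remove the reliance on the checksum alone. The commit message also opens with "This update includes:" but lists a single item; if 0.8.2 carries other changes relevant to the recipe, list them, otherwise reword it.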
-- 
2.3.5



