[OE-core] [PATCH] Add two patches for bind
Burton, Ross
ross.burton at intel.com
Thu Oct 13 20:01:38 UTC 2016
On 17 September 2016 at 14:55, Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
wrote:
> 1.CVE-2016-2775.patch
> [security] getrrsetbyname with a non absolute name could
> trigger an infinite recursion bug in lwresd
> and named with lwres configured if when combined
> with a search list entry the resulting name is
> too long. (CVE-2016-2775) [RT #42694]
>
> 2.CVE-2016-2776.patch
> [security] It was possible to trigger a assertion when rendering
> a message. (CVE-2016-2776) [RT #43139]
>
> Signed-off-by: zhengruoqin <zhengrq.fnst at cn.fujitsu.com>
>
The patches themselves need CVE, Signed-off-by, and Upstream-Status tags.
The commit message needs a better short summary (at least, "fix two CVEs",
ideally better).
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20161013/06d44446/attachment-0002.html>
More information about the Openembedded-core
mailing list