[OE-core] [PATCH 0/2] patch: fix CVE-2018-6951 and CVE-2018-1000156
jackie.huang at windriver.com
jackie.huang at windriver.com
Wed Apr 11 06:56:08 UTC 2018
From: Jackie Huang <jackie.huang at windriver.com>
These are also needed for previous releases, so I think they should be
backported to the branch for 2.5 and 2.4 as well.
--
The following changes since commit 29f65bda6d2c9fea4adb125c4857ee64f9312b9f:
nativesdk-glibc: Split glibc and libcrypt to use libxcrypt instead (2018-04-07 22:34:45 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib.git jhuang0/d_patch_CVEs_180411_0
http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_patch_CVEs_180411_0
Jackie Huang (2):
patch: fix CVE-2018-6951
patch: fix CVE-2018-1000156
...02-Fix-segfault-with-mangled-rename-patch.patch | 35 ++++
...-files-to-be-missing-for-ed-style-patches.patch | 38 ++++
...ry-command-execution-in-ed-style-patches-.patch | 215 +++++++++++++++++++++
meta/recipes-devtools/patch/patch_2.7.6.bb | 6 +-
4 files changed, 293 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
create mode 100644 meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch
create mode 100644 meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
--
2.11.0
More information about the Openembedded-core
mailing list