[OE-core] [PATCH] unzip: actually apply CVE-2018-18384
Ross Burton
ross.burton at intel.com
Fri Nov 9 16:28:36 UTC 2018
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index b9d87dd6396..daba7227223 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
file://symlink.patch \
file://0001-unzip-fix-CVE-2018-1000035.patch \
+ file://CVE-2018-18384.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.11.0
More information about the Openembedded-core
mailing list