[OE-core] [PATCH][thud] glibc: finish incomplete fix for CVE-2016-10739
Ross Burton
ross.burton at intel.com
Mon Dec 9 10:33:59 UTC 2019
On 08/12/2019 21:37, akuster808 wrote:
>
>
> On 12/5/19 6:45 AM, Ross Burton wrote:
>> Somehow the patch for this CVE only included one of the four required patches.
>
> fails:
>
> Applying patch CVE-2016-10739.patch
> patching file resolv/inet_addr.c
> patching file resolv/nss_dns/dns-host.c
> patching file NEWS
> Hunk #1 FAILED at 10.
> Hunk #2 succeeded at 18 with fuzz 2 (offset -39 lines).
> 1 out of 2 hunks FAILED -- rejects in file NEWS
> patching file include/arpa/inet.h
> patching file nscd/gai.c
> patching file nscd/gethstbynm3_r.c
> patching file nss/digits_dots.c
> patching file resolv/Makefile
> patching file resolv/Versions
> patching file resolv/inet_addr.c
> patching file resolv/res_init.c
> patching file resolv/tst-aton.c
> patching file resolv/tst-inet_aton_exact.c
> patching file resolv/tst-resolv-nondecimal.c
> patching file resolv/tst-resolv-trailing.c
> patching file sysdeps/posix/getaddrinfo.c
> patching file nscd/Makefile
> patching file nscd/gai.c
> patching file nscd/nscd-inet_addr.c
> Patch CVE-2016-10739.patch does not apply (enforce with -f)
Whaaaaaaat?
More information about the Openembedded-core
mailing list