[OE-core] [sumo] [PATCH] busybox: Include complete fix for CVE-2011-5325
Mike Crowe
mac at mcrowe.com
Wed Jun 26 14:27:33 UTC 2019
On Wednesday 26 June 2019 at 15:21:08 +0100, Mike Crowe wrote:
> It looks like not all the parts required for fixing CVE-2011-5325 made
> it into oe-core master before the recipe was upgraded to the upstream
> fixed version.
>
> The partial fix meant that symlinks deemed unsafe enough to delay were
> never actually realized. This backport from upstream fixes the
> problem.
Grrr, I managed to send the version that lacked the [sumo] prefix. :(
Sorry.
Mike.
More information about the Openembedded-core
mailing list