[OE-core] [”OE-core][thud][PATCH”] elfutils: CVE fix for elfutils
Martin Jansa
martin.jansa at gmail.com
Mon Sep 23 21:23:27 UTC 2019
On Mon, Sep 23, 2019 at 09:14:11PM +0000, shuagr97 at gmail.com wrote:
> From: Shubham Agrawal <shuagr at microsoft.com>
Drop the quotes in the e-mail subject.
>
> CVE: CVE-2019-7664.patch
> CVE: CVE-2019-7665.patch
>
> Sign off: Shubham Agrawal <shuagr at microsoft.com>
> ---
> meta/recipes-devtools/elfutils/elfutils_0.175.bb | 2 +
> .../elfutils/files/CVE-2019-7664.patch | 65 +++++++++
> .../elfutils/files/CVE-2019-7665.patch | 154 +++++++++++++++++++++
> 3 files changed, 221 insertions(+)
> create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
> create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch
....
> +diff --git a/libelf/ChangeLog b/libelf/ChangeLog
> +index 68c4fbd..892e6e7 100644
> +--- a/libelf/ChangeLog
> ++++ b/libelf/ChangeLog
> +@@ -1,3 +1,16 @@
> ++<<<<<<< HEAD
> ++=======
> ++2019-01-16 Mark Wielaard <mark at klomp.org>
> ++
> ++ * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
> ++ overflow note_len into note header.
> ++
> ++2018-11-17 Mark Wielaard <mark at klomp.org>
> ++
> ++ * elf32_updatefile.c (updatemmap): Make sure to call convert
> ++ function on a properly aligned destination.
> ++
> ++>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
You should resolve these conflicts (or drop the ChangeLog updates
completely from the backports as they will conflict with any other
backport as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20190923/8b311c30/attachment.sig>
More information about the Openembedded-core
mailing list