[OE-core] [zeus][PATCH] sqlite: fix numerous CVEs
Adrian Bunk
bunk at stusta.de
Sat Feb 22 20:58:20 UTC 2020
On Sat, Feb 22, 2020 at 10:34:42AM -0800, akuster808 wrote:
> Adrian,
>
> On 2/21/20 12:59 PM, Adrian Bunk wrote:
> > From: Ross Burton <ross.burton at intel.com>
> >
> > Fix the following CVEs:
> >
> > - CVE-2019-19244
> > - CVE-2019-19880
> > - CVE-2019-19923
> > - CVE-2019-19924
> > - CVE-2019-19925
> > - CVE-2019-19926
> > - CVE-2019-19959
> > - CVE-2019-20218
> >
> > Signed-off-by: Ross Burton <ross.burton at intel.com>
> > Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> > Signed-off-by: Adrian Bunk <bunk at stusta.de>
>
> Thanks for backporting these changes. One question. The master commit
> f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75
> <https://git.openembedded.org/openembedded-core/commit/meta/recipes-support/sqlite?id=f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75>
> has merge conflicts
The patches are new files, so merge conflicts are impossbile on them
(they might not apply, but git does not even know that they are patches).
> and there is no mention in the commit message that
> you made any changes to get them to apply.
>
> Did you have to fixup any of the patches?
No.
> Master and Zeus have different versions of sqlite.
Yes, changing SRC_URI in the correct file was the trivial change needed.
> - armin
cu
Adrian
More information about the Openembedded-core
mailing list