[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

Saloni Jain Saloni.Jain at kpit.com
Fri Jan 17 13:14:42 UTC 2020

Hi Ross,

I have added SOB details and sent another upstreaming request.
For warrier and thud we can simply backport from the master release or we can additionally add the fix for both as well. Please suggest.

Thanks & Regards,
From: Ross Burton <ross.burton at intel.com>
Sent: Wednesday, January 15, 2020 10:00 PM
To: openembedded-core at lists.openembedded.org <openembedded-core at lists.openembedded.org>; Saloni Jain <Saloni.Jain at kpit.com>
Subject: Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

On 15/01/2020 15:47, Saloni Jain wrote:
> From: Sana Kazi <Sana.Kazi at kpit.com>
> Added patch for CVE-2019-12900 as backport from upstream.
> Fixes out of bound access discovered while fuzzying karchive.
> Tested by: Sana.Kazi at kpit.com
> Signed-off-by: Saloni Jain <Saloni.Jain at kpit.com>

Need a S-o-b in the patch itself alongside a CVE tag, but also why not a
backport for Warrior and Thud?


This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200117/7c92e54e/attachment.html>

More information about the Openembedded-core mailing list