[OE-core] [poky][master][PATCH] Added patch for CVE-2019-12900 as backport from upstream.
Mittal, Anuj
anuj.mittal at intel.com
Tue Jan 21 06:24:33 UTC 2020
On Tue, 2020-01-21 at 06:14 +0000, Saloni Jain wrote:
> From: Sana Kazi <Sana.Kazi at kpit.com>
>
> Fixes out of bound access discovered while fuzzying karchive.
>
> Tested by: Sana.Kazi at kpit.com
>
> Signed-off-by: Saloni Jain <Saloni.Jain at kpit.com>
> ---
> .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36
> ++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
The patch file would also need to included in the recipe SRC_URI. Also,
this patch should only be applicable to warrior/thud since it's already
in 1.0.7.
Thanks,
Anuj
More information about the Openembedded-core
mailing list