[OE-core] [poky][master][PATCH] Added patch for CVE-2019-12900 as backport from upstream.

Mittal, Anuj anuj.mittal at intel.com
Tue Jan 21 06:24:33 UTC 2020


On Tue, 2020-01-21 at 06:14 +0000, Saloni Jain wrote:
> From: Sana Kazi <Sana.Kazi at kpit.com>
> 
> Fixes out of bound access discovered while fuzzying karchive.
> 
> Tested by: Sana.Kazi at kpit.com
> 
> Signed-off-by: Saloni Jain <Saloni.Jain at kpit.com>
> ---
>  .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch         | 36
> ++++++++++++++++++++++
>  1 file changed, 36 insertions(+)

The patch file would also need to included in the recipe SRC_URI. Also,
this patch should only be applicable to warrior/thud since it's already
in 1.0.7.

Thanks,

Anuj


More information about the Openembedded-core mailing list