dpkg: Security Advisory - CVE-2014-0471 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Guillem Jover <guillem@debian.org>	2014-06-17 04:25:51 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-06-17 10:23:45 +0100
commit	81880b34a8261e824c5acafaa4cb321908e554a0 (patch)
tree	17073cfab7142dfa84381f272ec8973e99488018 /meta-selftest/README
parent	9f02922d44de483ef4d02ce95b55efe79a8b09a2 (diff)
download	openembedded-core-contrib-81880b34a8261e824c5acafaa4cb321908e554a0.tar.gz

dpkg: Security Advisory - CVE-2014-0471

v2 changes: * update format for commit log * add Upstream-Status for patch commit a82651188476841d190c58693f95827d61959b51 upstream Dkpkg::Source::Patch: Correctly parse C-style diff filenames We need to strip the surrounding quotes, and unescape any escape sequence, so that we check the same files that the patch program will be using, otherwise a malicious package could overpass those checks, and perform directory traversal attacks on source package unpacking. Fixes: CVE-2014-0471 Reported-by: Jakub Wilk <jwilk@debian.org> [drop the text for debian/changelog,because it's not suitable for the veriosn] Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta-selftest/README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: