aboutsummaryrefslogtreecommitdiffstats
path: root/meta/classes/kernel-yocto.bbclass
diff options
context:
space:
mode:
authorChong Lu <Chong.Lu@windriver.com>2014-09-26 09:49:19 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-09-29 17:49:10 +0100
commit3dd692fcf2b0c11731b3f30abdf2b1878458a898 (patch)
tree5b0bb9632a200f53d99d96de67d056d50522d5c5 /meta/classes/kernel-yocto.bbclass
parenta414b17e1d783ad68a2d0f7d5922967449c05797 (diff)
downloadopenembedded-core-contrib-3dd692fcf2b0c11731b3f30abdf2b1878458a898.tar.gz
apt: fix for CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Diffstat (limited to 'meta/classes/kernel-yocto.bbclass')
0 files changed, 0 insertions, 0 deletions