diff options
| author |   haiqing <haiqing.bai@windriver.com> | 2020-03-27 10:38:05 +0800 |
|---|---|---|
| committer |   Anuj Mittal <anuj.mittal@intel.com> | 2020-04-06 15:17:05 +0800 |
| commit | 29ed9fc7341cc3db716115aef1a6910fdb893145 (patch) | |
| tree | 1554f1091e031db0349a1c8126d549270a5e6d6c /meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb | |
| parent | 88cce1d9d06ed4c5a7b58a31d75cfd1503605df9 (diff) | |
| download | openembedded-core-contrib-29ed9fc7341cc3db716115aef1a6910fdb893145.tar.gz | |
glib-2.0: fix CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly
to a target address instead of connecting via a proxy server when configured
to do so, because the proxy_addr field is mishandled. This bug is timing-dependent
and may occur only sporadically depending on network delays. The greatest security
relevance is in use cases where a proxy is used to help with privacy/anonymity,
even though there is no technical barrier to a direct connection.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb index 5aefa6ad8b..5be81a8f31 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ + file://CVE-2020-6750.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" |