diff options
author | Anuj Mittal <anuj.mittal@intel.com> | 2020-03-20 19:23:54 +0200 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2020-03-21 11:03:56 +0800 |
commit | bc3c82e82e6d2dce025e84b8f398379f4fc6f249 (patch) | |
tree | ec61d99b8950cf83f81e29013e575d905de7ef15 /meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | |
parent | b3fcf13e332d8830e759ef4161161f0e54591700 (diff) | |
download | openembedded-core-contrib-bc3c82e82e6d2dce025e84b8f398379f4fc6f249.tar.gz |
e2fsprogs: backport upstream patch
Fixes a bug wherein a use after free could potentially be used to run
malicious code if a user can be tricked into running e2fsck on a
maliciously crafted file system.
Also see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948517
(From OE-Core rev: 23c1b157362609bd8d85c7d35e6c7f0f60c32c88)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb')
-rw-r--r-- | meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb index 2014e68579..f81defb837 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb @@ -8,6 +8,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://CVE-2019-5094.patch \ file://CVE-2019-5188.patch \ file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \ + file://e2fsck-fix-use-after-free-in-calculate_tree.patch \ " SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ |