diff options
| author |   Kai Kang <kai.kang@windriver.com> | 2021-09-17 16:58:06 -0700 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2021-09-24 04:27:46 -1000 |
| commit | 48303d1c93cfcadf80830d07597805cc41d5f7e9 (patch) | |
| tree | a9b68d5f8dcdaf44400e3ad2d609406d5e35eabe /meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb | |
| parent | 10f2333afd739669013a65112f6471f09e13d124 (diff) | |
| download | openembedded-core-contrib-48303d1c93cfcadf80830d07597805cc41d5f7e9.tar.gz | |
squashfs-tools: fix CVE-2021-40153
Source: http://git.yoctoproject.org/poky.git
MR: 113126
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
ChangeID: cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
Description:
Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.
CVE: CVE-2021-40153
Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153
(From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb')
| -rw-r--r-- | meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index 2b1409d78d..083e597b03 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -11,6 +11,7 @@ PV = "4.4" SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67" SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \ file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \ + file://CVE-2021-40153.patch;striplevel=2 \ " S = "${WORKDIR}/git/squashfs-tools" |