Diffstat (limited to 'meta/recipes-extended')
18 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch index 8f719ad8d68..5c999197ff1 100644 --- a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch +++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch @@ -11,6 +11,7 @@ Author: Vitezslav Cizek <vcizek@suse.cz> Bug-Debian: https://bugs.debian.org/774669 Upstream-Status: Pending +CVE: CVE-2015-1197 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> diff --git a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch index 49a7cf52a6f..a31573510ae 100644 --- a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch +++ b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch @@ -1,4 +1,5 @@ Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624] +CVE: CVE-2010-0624 This patch avoids heap overflow reported by : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624 diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch index 059d0687b3f..721f2a0a634 100644 --- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch +++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch @@ -10,6 +10,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667 Upstream-Status: Inappropriate [other] This version of GNU Grep has been abandoned upstream and they are no longer accepting patches. This is not a backport. +CVE: CVE-2012-5667 Signed-off-by Ming Liu <ming.liu@windriver.com> --- diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch index 126f80e0443..19523f4b89a 100644 
--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch +++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Fix CVE-2013-0211 This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4 Upstream-Status: Backport +CVE: CVE-2013-0211 Signed-off-by: Baogen shang <baogen.shang@windriver.com> diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch index 4ca779c40f5..5c24396354c 100644 --- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch +++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch @@ -7,6 +7,7 @@ This fixes a directory traversal in the cpio tool. Upstream-Status: backport +CVE: CVE-2015-2304 Signed-off-by: Li Zhou <li.zhou@windriver.com> --- diff --git a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch index 5d616458bc4..13b955c4b5c 100644 --- a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch +++ b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch @@ -13,6 +13,7 @@ This patch is taken from ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz Upstream-Status: Inappropriate [upstream is dead] +CVE: CVE-2014-7844 --- mailx.1 | 14 ++++++++++++++ names.c | 3 +++ diff --git a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch index f65cfa8ca77..ae14b8acfe5 100644 --- a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch +++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch 
@@ -7,6 +7,7 @@ This patch is taken from ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz Upstream-Status: Inappropriate [upstream is dead] +CVE: CVE-2004-2771 --- fio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch index f156290bf6e..741a99035cb 100644 --- a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch +++ b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch @@ -36,6 +36,7 @@ Date: Thu Aug 6 16:27:20 2015 +0200 Signed-off-by: Olaf Kirch <okir@...e.de> Upstream-Status: Backport + CVE: CVE-2015-7236 Signed-off-by: Li Zhou <li.zhou@windriver.com> --- diff --git a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch index 2bc9a59beaf..4ac820fde27 100644 --- a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch +++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch @@ -10,6 +10,7 @@ This is time consuming and will overflow stack if n is huge. Fixes CVE-2015-6806 Upstream-Status: Backport +CVE: CVE-2015-6806 Signed-off-by: Kuang-che Wu <kcwu@csie.org> Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> diff --git a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch index da2ae3cb0f9..af5026f5292 100644 --- a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch +++ b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch @@ -1,4 +1,5 @@ Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624] +CVE: CVE-2010-0624 This patch avoids heap overflow reported by : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624 
diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch index 9ba3c1dc627..afc4c734a75 100644 --- a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch +++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch @@ -3,6 +3,7 @@ Subject: unzip files encoded with non-latin, non-unicode file names Last-Update: 2015-02-11 Upstream-Status: Backport +CVE: CVE-2015-1315 Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com> to fix buffer overflow in charset_to_intern() diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch index e137f0dc76c..0e497cc65fb 100644 --- a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch +++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8139 Signed-off-by: Roy Li <rongqing.li@windriver.com> diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch index edc7d515b0d..c989df18965 100644 --- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch +++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8140 Signed-off-by: Roy Li <rongqing.li@windriver.com> diff --git a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch index d0c1db39252..c48c23f3046 100644 
--- a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch +++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8141 Signed-off-by: Roy Li <rongqing.li@windriver.com> diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch index ea93823cbea..87eed965d03 100644 --- a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2015-7696 Signed-off-by: Tudor Florea <tudor.flore@enea.com> From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch index da689883383..a8f293674b9 100644 --- a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2015-7697 Signed-off-by: Tudor Florea <tudor.flore@enea.com> From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 diff --git a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch index 0a0bfbbb17b..5fcd318b253 100644 --- a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch +++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch @@ -4,6 +4,7 @@ Date: Wed, 11 Feb 2015 Subject: Info-ZIP UnZip buffer overflow Upstream-Status: Backport +CVE: CVE-2014-9636 By carefully crafting a corrupt ZIP archive with "extra fields" that purport to have compressed blocks larger than the corresponding 
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch index 0542dbe8350..c44c5a113fd 100644 --- a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch +++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch @@ -9,6 +9,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 the patch come from: https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff +CVE: CVE-2013-4342 Signed-off-by: Li Wang <li.wang@windriver.com> --- xinetd/builtins.c | 2 +- |
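Review bot: In the libarchive-CVE-2015-2304.patch hunk, the new CVE: CVE-2015-2304 line lands directly under "Upstream-Status: backport", which is lowercase while the other Backport headers touched in this commit are capitalized. Since this header is being edited anyway, change it to "Upstream-Status: Backport" in the same commit so that a case-sensitive check of the patch header tags treats this file like the others.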
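Review bot: In the 0011-outof-Introduce-expandaddr-flag.patch hunk, the header context shown does not mention CVE-2014-7844 anywhere, so the new tag is the only thing tying this patch to that identifier and a reader cannot check the mapping from the file itself. Add a reference line next to the tag (the advisory or Debian bug the fix was taken for), as the cpio, grep and xinetd headers in this commit do with their NVD or bug links. The same applies to the CVE-2004-2771 tag in the 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch hunk.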
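Review bot: In the rpcbind cve-2015-7236.patch hunk, the added line appears as "+ CVE: CVE-2015-7236" with whitespace before the tag, whereas every other hunk in this commit adds "+CVE:" at the start of the line. A scanner that matches the tag only at the beginning of a line would skip this file, so either move the tag to column 0 or confirm that the tooling reading these headers tolerates leading whitespace.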