diff options
author | Kang Kai <kai.kang@windriver.com> | 2014-10-29 08:30:59 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2014-11-07 15:05:46 +0100 |
commit | 47cc7a8d1640d9128e2eaf3cc79cdef41e85881c (patch) | |
tree | 75eccdd3c788afe620bd2b54e5a86fcc5b9a3da7 /meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb | |
parent | ffb649d04322db8c3e218ee1a4499e202657375d (diff) | |
download | meta-openembedded-contrib-47cc7a8d1640d9128e2eaf3cc79cdef41e85881c.tar.gz |
libyaml: add fix for CVE-2014-2525 Security Advisory
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
in LibYAML before 0.1.6 allows context-dependent attackers to execute
arbitrary code via a long sequence of percent-encoded characters in a
URI in a YAML file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb')
-rw-r--r-- | meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb index c44eda4ee1..1279541966 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb @@ -7,7 +7,9 @@ SECTION = "libs/devel" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17" -SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz" +SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ + file://libyaml-CVE-2014-2525.patch \ + " SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1" SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef" |