lrzsz: fix CVE-2018-10195

"Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver." Take a patch from Fedora to resolve CVE-2018-10195. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2018-09-11 10:37:40 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-09-11 10:46:12 +0100
commit: a7b50fcee9a295de57f743fa3637905992da722e (patch)
tree: 93302e59a50dbd6cd05c09fc41367a5a22cba3f5 /meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
parent: 44d826327e9336d7490745d5721d79809556b177 (diff)
download: openembedded-core-contrib-a7b50fcee9a295de57f743fa3637905992da722e.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
index 4b349be32f..002c774c6d 100644
--- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
 	   file://acdefine.patch \
 	   file://lrzsz_fix_for_automake-1.12.patch \
            file://lrzsz-check-locale.h.patch \
+           file://cve-2018-10195.patch \
            "
 
 SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"
author	Ross Burton <ross.burton@intel.com>	2018-09-11 10:37:40 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-09-11 10:46:12 +0100
commit	a7b50fcee9a295de57f743fa3637905992da722e (patch)
tree	93302e59a50dbd6cd05c09fc41367a5a22cba3f5 /meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
parent	44d826327e9336d7490745d5721d79809556b177 (diff)
download	openembedded-core-contrib-a7b50fcee9a295de57f743fa3637905992da722e.tar.gz