diff options
author | Robert Yang <liezhi.yang@windriver.com> | 2015-03-26 02:18:09 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-03-29 23:07:14 +0100 |
commit | af18ce070bd1c73f3619d6370928fe7e2e06ff5e (patch) | |
tree | 8c57514834a01deff418d953c431be66a1ca6e4e /meta/recipes-extended/cpio/cpio_2.11.bb | |
parent | 4c389880dc9c6221344f7aed221fe8356e8c2056 (diff) | |
download | openembedded-core-contrib-af18ce070bd1c73f3619d6370928fe7e2e06ff5e.tar.gz |
cpio: fix CVE-2015-1197
Additional directory traversal vulnerability via symlinks
cpio CVE-2015-1197
Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
And fix the indent in SRC_URI.
[YOCTO #7182]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/cpio/cpio_2.11.bb')
-rw-r--r-- | meta/recipes-extended/cpio/cpio_2.11.bb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-extended/cpio/cpio_2.11.bb b/meta/recipes-extended/cpio/cpio_2.11.bb index c42db6f352..053888f1c0 100644 --- a/meta/recipes-extended/cpio/cpio_2.11.bb +++ b/meta/recipes-extended/cpio/cpio_2.11.bb @@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" PR = "r5" SRC_URI += "file://remove-gets.patch \ - file://fix-memory-overrun.patch \ + file://fix-memory-overrun.patch \ + file://cpio-CVE-2015-1197.patch \ " SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c" |