diff options
author | Li Zhou <li.zhou@windriver.com> | 2015-04-24 15:36:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-04-28 07:56:00 +0100 |
commit | e64a961e9c5e94e643896e4b68b85bd5b4c27470 (patch) | |
tree | a60d350aa1606b73064c72ea30a772de3cd596ab /meta/recipes-extended/libarchive/libarchive_3.1.2.bb | |
parent | 68994284f3c059b737bfc5afc2600ebd09bdf47f (diff) | |
download | openembedded-core-contrib-e64a961e9c5e94e643896e4b68b85bd5b4c27470.tar.gz |
libarchive: Security Advisory - libarchive - CVE-2015-2304
libarchive: Updated libarchive packages fix security vulnerability
Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/libarchive/libarchive_3.1.2.bb')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.1.2.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb index 96e2d500ed..75008c3e26 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb @@ -32,6 +32,7 @@ PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle," SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://libarchive-CVE-2013-0211.patch \ file://pkgconfig.patch \ + file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch \ " SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a" |