From 065ebeb3e15311d0d45385e15bf557b1c95b1669 Mon Sep 17 00:00:00 2001 From: Mariano Lopez Date: Fri, 8 Jan 2016 12:03:58 +0000 Subject: Add "CVE:" tag to current patches in OE-core The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez Signed-off-by: Ross Burton --- .../0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch | 1 + meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch | 2 +- .../elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch | 1 + meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch | 1 + meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch | 1 + meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 1 + .../0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch | 1 + meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch | 1 + 8 files changed, 8 insertions(+), 1 deletion(-) (limited to 'meta/recipes-devtools') diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch index 72f77cc6bd..b904e46bda 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch @@ -4,6 +4,7 @@ Date: Fri, 6 Feb 2015 12:46:39 -0500 Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs() Upstream-Status: Backport +CVE: CVE-2015-1572 The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if s_first_meta_bg is too big" had a typo in the fix for diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch index 4de67c9704..5b6346b150 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch @@ -11,8 +11,8 @@ fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value, but it avoids causing the e2fsprogs userspace programs from potentially crashing. -Fixes CVE-2015-0247 Upstream-Status: Backport +CVE: CVE-2015-0247 Signed-off-by: Theodore Ts'o Signed-off-by: Sona Sarmadi diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch index 84e8ddcca7..deba45fa86 100644 --- a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch +++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch @@ -7,6 +7,7 @@ this patch is from: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e Upstream-Status: Backport +CVE: CVE-2014-9447 Signed-off-by: Li Xin --- diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch index b107e8f047..a2691f6da8 100644 --- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch +++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch @@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 14:36:56 +0000 Subject: [PATCH 2/2] rpm: CVE-2013-6435 Upstream-Status: Backport +CVE: CVE-2013-6435 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435 diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch index bf1795ca49..985f150f0f 100644 --- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch +++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch @@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 12:56:55 +0000 Subject: [PATCH 1/2] rpm: CVE-2014-8118 Upstream-Status: Backport +CVE: CVE-2014-8118 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1168715 diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch index f054452f37..bea325ea05 100644 --- a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] +CVE: CVE-2007-4091 The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch index 5ece5420a3..19e7f39167 100644 --- a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch +++ b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Complain if an inc-recursive path is not right for its dir. trasnfer path. Upstream-Status: BackPort +CVE: CVE-2014-9512 Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch index 1fcac490ae..c86f478ef1 100644 --- a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch +++ b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch @@ -5,6 +5,7 @@ Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order. Fixes the equivalent of librsync's CVE-2014-8242 issue. Upstream-Status: Backport +CVE: CVE-2014-8242 Signed-off-by: Roy Li --- -- cgit 1.2.3-korg