From 065ebeb3e15311d0d45385e15bf557b1c95b1669 Mon Sep 17 00:00:00 2001 From: Mariano Lopez Date: Fri, 8 Jan 2016 12:03:58 +0000 Subject: Add "CVE:" tag to current patches in OE-core The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez Signed-off-by: Ross Burton --- meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch | 1 + meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch | 1 + meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch | 1 + .../libarchive/libarchive/libarchive-CVE-2013-0211.patch | 1 + .../libarchive/libarchive/libarchive-CVE-2015-2304.patch | 1 + .../mailx/files/0011-outof-Introduce-expandaddr-flag.patch | 1 + .../mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch | 1 + meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch | 1 + .../screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch | 1 + meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch | 1 + .../unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch | 1 + meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch | 1 + meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch | 1 + meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch | 1 + meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch | 1 + meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch | 1 + meta/recipes-extended/unzip/unzip/cve-2014-9636.patch | 1 + meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch | 1 + 18 files changed, 18 insertions(+) (limited to 'meta/recipes-extended') diff --git a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch index 8f719ad8d6..5c999197ff 100644 --- a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch +++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch @@ -11,6 +11,7 @@ Author: Vitezslav Cizek Bug-Debian: https://bugs.debian.org/774669 Upstream-Status: Pending +CVE: CVE-2015-1197 Signed-off-by: Robert Yang Signed-off-by: Alexander Kanavin diff --git a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch index 49a7cf52a6..a31573510a 100644 --- a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch +++ b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch @@ -1,4 +1,5 @@ Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624] +CVE: CVE-2010-0624 This patch avoids heap overflow reported by : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624 diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch index 059d0687b3..721f2a0a63 100644 --- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch +++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch @@ -10,6 +10,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667 Upstream-Status: Inappropriate [other] This version of GNU Grep has been abandoned upstream and they are no longer accepting patches. This is not a backport. +CVE: CVE-2012-5667 Signed-off-by Ming Liu --- diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch index 126f80e044..19523f4b89 100644 --- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch +++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Fix CVE-2013-0211 This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4 Upstream-Status: Backport +CVE: CVE-2013-0211 Signed-off-by: Baogen shang diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch index 4ca779c40f..5c24396354 100644 --- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch +++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch @@ -7,6 +7,7 @@ This fixes a directory traversal in the cpio tool. Upstream-Status: backport +CVE: CVE-2015-2304 Signed-off-by: Li Zhou --- diff --git a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch index 5d616458bc..13b955c4b5 100644 --- a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch +++ b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch @@ -13,6 +13,7 @@ This patch is taken from ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz Upstream-Status: Inappropriate [upstream is dead] +CVE: CVE-2014-7844 --- mailx.1 | 14 ++++++++++++++ names.c | 3 +++ diff --git a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch index f65cfa8ca7..ae14b8acfe 100644 --- a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch +++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch @@ -7,6 +7,7 @@ This patch is taken from ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz Upstream-Status: Inappropriate [upstream is dead] +CVE: CVE-2004-2771 --- fio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch index f156290bf6..741a99035c 100644 --- a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch +++ b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch @@ -36,6 +36,7 @@ Date: Thu Aug 6 16:27:20 2015 +0200 Signed-off-by: Olaf Kirch Upstream-Status: Backport + CVE: CVE-2015-7236 Signed-off-by: Li Zhou --- diff --git a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch index 2bc9a59bea..4ac820fde2 100644 --- a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch +++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch @@ -10,6 +10,7 @@ This is time consuming and will overflow stack if n is huge. Fixes CVE-2015-6806 Upstream-Status: Backport +CVE: CVE-2015-6806 Signed-off-by: Kuang-che Wu Signed-off-by: Amadeusz Sławiński diff --git a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch index da2ae3cb0f..af5026f529 100644 --- a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch +++ b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch @@ -1,4 +1,5 @@ Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624] +CVE: CVE-2010-0624 This patch avoids heap overflow reported by : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624 diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch index 9ba3c1dc62..afc4c734a7 100644 --- a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch +++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch @@ -3,6 +3,7 @@ Subject: unzip files encoded with non-latin, non-unicode file names Last-Update: 2015-02-11 Upstream-Status: Backport +CVE: CVE-2015-1315 Updated 2015-02-11 by Marc Deslauriers to fix buffer overflow in charset_to_intern() diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch index e137f0dc76..0e497cc65f 100644 --- a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch +++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8139 Signed-off-by: Roy Li diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch index edc7d515b0..c989df1896 100644 --- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch +++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8140 Signed-off-by: Roy Li diff --git a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch index d0c1db3925..c48c23f304 100644 --- a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch +++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch @@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz Upstream-Status: Backport +CVE: CVE-2014-8141 Signed-off-by: Roy Li diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch index ea93823cbe..87eed965d0 100644 --- a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2015-7696 Signed-off-by: Tudor Florea From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch index da68988338..a8f293674b 100644 --- a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2015-7697 Signed-off-by: Tudor Florea From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 diff --git a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch index 0a0bfbbb17..5fcd318b25 100644 --- a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch +++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch @@ -4,6 +4,7 @@ Date: Wed, 11 Feb 2015 Subject: Info-ZIP UnZip buffer overflow Upstream-Status: Backport +CVE: CVE-2014-9636 By carefully crafting a corrupt ZIP archive with "extra fields" that purport to have compressed blocks larger than the corresponding diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch index 0542dbe835..c44c5a113f 100644 --- a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch +++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch @@ -9,6 +9,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 the patch come from: https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff +CVE: CVE-2013-4342 Signed-off-by: Li Wang --- xinetd/builtins.c | 2 +- -- cgit 1.2.3-korg