summaryrefslogtreecommitdiffstats
path: root/recipes-support/gnutls
Commit message (Collapse)AuthorAgeFilesLines
* libtasn1: Drop duplicate CVE patchAdrian Dudau2017-11-242-68/+0
| | | | | | The patch is already applied in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libtasn1: CVE-2017-10790Sona Sarmadi2017-10-042-0/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-10790 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit; h=d8d805e1f2e6799bb2dff4871a8598dc83088a39 (From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f) (From OE-Core rev: 649f78102222ec156d490968c13d3222379a1956) Patch from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h= pyro&id=cb4fd41504826905455a34d3cb85e952f4ed4991 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* gnutls: CVE-2017-7869Sona Sarmadi2017-08-212-0/+64
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. This issue affects only applications which utilize the OpenPGP certificate functionality of GnuTLS. References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7869 Upstream patch: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>