summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2015-04-29 16:09:38 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-04-30 23:04:15 +0100
commit150fe3720309367185afd96f7e9931566bbb3516 (patch)
tree6524b40adc9eb7b6472e0d57ed24349d10e65253
parent8ca6988e93fb7437a3200523df292eb982513cf9 (diff)
downloadpoky-150fe3720309367185afd96f7e9931566bbb3516.tar.gz
dpkg: upgrade to 1.17.25
upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). (From OE-Core rev: 079445990f51f98c8d4f9397dec0ed91ca2490c3) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/dpkg/dpkg_1.17.25.bb (renamed from meta/recipes-devtools/dpkg/dpkg_1.17.21.bb)4
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
index ebb8671473..74b1dd000f 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
@@ -15,6 +15,6 @@ SRC_URI += "file://noman.patch \
15 file://add_armeb_triplet_entry.patch \ 15 file://add_armeb_triplet_entry.patch \
16 " 16 "
17 17
18SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775" 18SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
19SRC_URI[sha256sum] = "3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05" 19SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
20 20