glibc: CVE-2014-9761

A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) References: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16962 CVE assignment: http://seclists.org/oss-sec/2016/q1/153 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2016-02-03 11:59:14 +0100
committer: Tudor Florea <tudor.florea@enea.com> 2016-02-03 22:21:39 +0100
commit: a0b44f4563515377fa4944d220f7e0f948729872 (patch)
tree: cdf7dbe29b00928dc673bef9349868d95200a76a /meta/recipes-core/glibc/glibc_2.20.bb
parent: 7273dba2c5f6c834560cd84853a1df358221b469 (diff)
download: poky-a0b44f4563515377fa4944d220f7e0f948729872.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index cfbc1c2956..6544b522df 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -49,6 +49,8 @@ CVEPATCHES = "\
        file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
        file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
        file://CVE-2015-1472-wscanf-allocates-too-little-memory.patch \
+        file://CVE-2014-9761_1.patch \
+        file://CVE-2014-9761_2.patch \
    "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
author	Sona Sarmadi <sona.sarmadi@enea.com>	2016-02-03 11:59:14 +0100
committer	Tudor Florea <tudor.florea@enea.com>	2016-02-03 22:21:39 +0100
commit	a0b44f4563515377fa4944d220f7e0f948729872 (patch)
tree	cdf7dbe29b00928dc673bef9349868d95200a76a /meta/recipes-core/glibc/glibc_2.20.bb
parent	7273dba2c5f6c834560cd84853a1df358221b469 (diff)
download	poky-a0b44f4563515377fa4944d220f7e0f948729872.tar.gz