diff options
| author | Chong Lu <Chong.Lu@windriver.com> | 2014-09-26 09:49:19 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-09-30 14:10:34 +0100 |
| commit | 6a300317086e1422953abdd5825680b216c2c211 (patch) | |
| tree | 8a614a9e0ad4d9f5cd28e1be9039e6b1e35185b1 /meta/recipes-devtools/apt/apt.inc | |
| parent | 202ae5af74f546a9788290a96b0f3c370ee047b2 (diff) | |
| download | poky-6a300317086e1422953abdd5825680b216c2c211.tar.gz | |
apt: fix for CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478
(From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/apt/apt.inc')
| -rw-r--r-- | meta/recipes-devtools/apt/apt.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/apt/apt.inc b/meta/recipes-devtools/apt/apt.inc index b528c00fd8..378021a327 100644 --- a/meta/recipes-devtools/apt/apt.inc +++ b/meta/recipes-devtools/apt/apt.inc | |||
| @@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/a/apt/apt_${PV}.tar.gz \ | |||
| 11 | file://truncate-filename.patch \ | 11 | file://truncate-filename.patch \ |
| 12 | file://nodoc.patch \ | 12 | file://nodoc.patch \ |
| 13 | file://disable-configure-in-makefile.patch \ | 13 | file://disable-configure-in-makefile.patch \ |
| 14 | file://apt-0.9.9.4-CVE-2014-0478.patch \ | ||
| 14 | " | 15 | " |
| 15 | 16 | ||
| 16 | inherit autotools gettext | 17 | inherit autotools gettext |