diff options
author | Chong Lu <Chong.Lu@windriver.com> | 2015-01-22 17:28:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-06 14:56:07 +0000 |
commit | 46e8377c42030eb04972940cd022a8d214d477c7 (patch) | |
tree | 4bf54419eb27d1e8eb1c715ed1f55ab3d2d4b2b2 /meta/recipes-devtools/file/file_5.16.bb | |
parent | 148b7d20d40588e3dd34fddaec850b7238c580ce (diff) | |
download | poky-46e8377c42030eb04972940cd022a8d214d477c7.tar.gz |
file: CVE-2014-9620 and CVE-2014-9621
CVE-2014-9620:
Limit the number of ELF notes processed - DoS
CVE-2014-9621:
Limit string printing to 100 chars - DoS
The patch comes from:
https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
[YOCTO #7178]
(From OE-Core rev: ee78555fe54e98c6296566b5e701ef268d77db61)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
[sgw - Fixed magic.h.in to match magic.h]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/file/file_5.16.bb')
-rw-r--r-- | meta/recipes-devtools/file/file_5.16.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/file/file_5.16.bb b/meta/recipes-devtools/file/file_5.16.bb index a15d952e3d..f231a55059 100644 --- a/meta/recipes-devtools/file/file_5.16.bb +++ b/meta/recipes-devtools/file/file_5.16.bb | |||
@@ -12,6 +12,7 @@ DEPENDS = "zlib file-native" | |||
12 | DEPENDS_class-native = "zlib-native" | 12 | DEPENDS_class-native = "zlib-native" |
13 | 13 | ||
14 | SRC_URI = "ftp://ftp.astron.com/pub/file/file-${PV}.tar.gz \ | 14 | SRC_URI = "ftp://ftp.astron.com/pub/file/file-${PV}.tar.gz \ |
15 | file://file-CVE-2014-9620-and-CVE-2014-9621.patch \ | ||
15 | file://dump \ | 16 | file://dump \ |
16 | file://filesystems" | 17 | file://filesystems" |
17 | 18 | ||