summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/rsync/rsync-2.6.9
diff options
context:
space:
mode:
authorGuillem Jover <guillem@debian.org>2014-06-17 04:25:51 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-10-10 15:06:06 +0100
commit570345adfd10847e40de573457f127c70d7c7b33 (patch)
treeded308e9a69591917307355adcff86c676e313e2 /meta/recipes-devtools/rsync/rsync-2.6.9
parent90623776248e50a7a2b95247ba7b4aeac2dcbdc2 (diff)
downloadpoky-570345adfd10847e40de573457f127c70d7c7b33.tar.gz
dpkg: Security Advisory - CVE-2014-0471
v2 changes: * update format for commit log * add Upstream-Status for patch commit a82651188476841d190c58693f95827d61959b51 upstream Dkpkg::Source::Patch: Correctly parse C-style diff filenames We need to strip the surrounding quotes, and unescape any escape sequence, so that we check the same files that the patch program will be using, otherwise a malicious package could overpass those checks, and perform directory traversal attacks on source package unpacking. Fixes: CVE-2014-0471 Reported-by: Jakub Wilk <jwilk@debian.org> [drop the text for debian/changelog,because it's not suitable for the veriosn] (From OE-Core rev: 81880b34a8261e824c5acafaa4cb321908e554a0) (From OE-Core rev: c75316fc256d229cfad45cd57328920993d93d8d) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/rsync/rsync-2.6.9')
0 files changed, 0 insertions, 0 deletions