diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-08-12 15:00:03 +0200 |
---|---|---|
committer | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-08-12 15:00:03 +0200 |
commit | 07b699ab37025d33af04fb20236ec5eca02f6018 (patch) | |
tree | 1c62ed2efaa2b54feaa7cb2227cd53ee84226812 /meta/recipes-extended/cpio/cpio_2.11.bb | |
parent | 03a7b1cc92344992b6048b6a0a5f0682de7ecc2a (diff) | |
download | poky-07b699ab37025d33af04fb20236ec5eca02f6018.tar.gz |
cpio: fix CVE-2015-1197
Fixes directory traversal vulnerability via symlinks
Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-extended/cpio/cpio_2.11.bb')
-rw-r--r-- | meta/recipes-extended/cpio/cpio_2.11.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/cpio/cpio_2.11.bb b/meta/recipes-extended/cpio/cpio_2.11.bb index 0220e8cd4a..b248bb7135 100644 --- a/meta/recipes-extended/cpio/cpio_2.11.bb +++ b/meta/recipes-extended/cpio/cpio_2.11.bb | |||
@@ -7,6 +7,7 @@ PR = "r4" | |||
7 | 7 | ||
8 | SRC_URI += "file://remove-gets.patch \ | 8 | SRC_URI += "file://remove-gets.patch \ |
9 | file://fix-memory-overrun.patch \ | 9 | file://fix-memory-overrun.patch \ |
10 | file://cpio-CVE-2015-1197.patch \ | ||
10 | " | 11 | " |
11 | 12 | ||
12 | SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c" | 13 | SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c" |