summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2017-15670.patch38
-rw-r--r--meta/recipes-core/glibc/glibc_2.24.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000000..b606cc275f
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,38 @@
1commit a76376df7c07e577a9515c3faa5dbd50bda5da07
2Author: Paul Eggert <eggert@cs.ucla.edu>
3Date: Fri Oct 20 18:41:14 2017 +0200
4
5 CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
6
7Upstream-Status: Backport
8
9CVE: CVE-2017-15670
10Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
11
12Index: git/ChangeLog
13===================================================================
14--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530
15+++ git/ChangeLog 2017-11-16 18:18:24.423642908 +0530
16@@ -1,3 +1,9 @@
17+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
18+
19+ [BZ #22320]
20+ CVE-2017-15670
21+ * posix/glob.c (__glob): Fix one-byte overflow.
22+
23 2017-05-05 Florian Weimer <fweimer@redhat.com>
24
25 [BZ #21461]
26Index: git/posix/glob.c
27===================================================================
28--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530
29+++ git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530
30@@ -856,7 +856,7 @@
31 *p = '\0';
32 }
33 else
34- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
35+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
36 = '\0';
37 user_name = newp;
38 }
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index 966be34405..6ea45857d2 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -57,6 +57,7 @@ SRC_URI += "\
57 file://generate-supported.mk \ 57 file://generate-supported.mk \
58 file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \ 58 file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
59 file://CVE-2017-8804.patch \ 59 file://CVE-2017-8804.patch \
60 file://CVE-2017-15670.patch \
60 " 61 "
61 62
62SRC_URI_append_class-nativesdk = "\ 63SRC_URI_append_class-nativesdk = "\