Diffstat (limited to 'meta')
36 files changed, 36 insertions, 1 deletions
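--- a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
+++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Accepted
+CVE: CVE-2015-8370
 Signed-off-by: Awais Belal <awais_belal@mentor.com>
 
 From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001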
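--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -3,6 +3,7 @@ ppp: Buffer overflow in radius plugin
 From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
 
 Upstream-Status: Backport
+CVE: CVE-2015-3310
 
 On systems with more than 65535 processes running, pppd aborts when
 sending a "start" accounting message to the RADIUS server because of a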
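--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
@@ -4,6 +4,7 @@ Date: Fri, 6 Feb 2015 12:46:39 -0500
 Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs()
 
 Upstream-Status: Backport
+CVE: CVE-2015-1572
 
 The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
 s_first_meta_bg is too big" had a typo in the fix for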
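--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
@@ -11,8 +11,8 @@ fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value,
 but it avoids causing the e2fsprogs userspace programs from
 potentially crashing.
 
-Fixes CVE-2015-0247
 Upstream-Status: Backport
+CVE: CVE-2015-0247
 
 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>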
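--- a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
+++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
@@ -7,6 +7,7 @@ this patch is from:
 https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
 
 Upstream-Status: Backport
+CVE: CVE-2014-9447
 
 Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
 ---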
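--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 14:36:56 +0000
 Subject: [PATCH 2/2] rpm: CVE-2013-6435
 
 Upstream-Status: Backport
+CVE: CVE-2013-6435
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435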
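--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 12:56:55 +0000
 Subject: [PATCH 1/2] rpm: CVE-2014-8118
 
 Upstream-Status: Backport
+CVE: CVE-2014-8118
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=1168715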
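--- a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+CVE: CVE-2007-4091
 
 The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
 address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091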
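--- a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Complain if an inc-recursive path is not right for its dir.
 trasnfer path.
 
 Upstream-Status: BackPort
+CVE: CVE-2014-9512
 
 Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary
 files via a symlink attack on a file in the synchronization path.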
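--- a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
@@ -5,6 +5,7 @@ Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
 Fixes the equivalent of librsync's CVE-2014-8242 issue.
 
 Upstream-Status: Backport
+CVE: CVE-2014-8242
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---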
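Review bot: The added `CVE: CVE-2014-8242` tag uses an identifier that the patch's own description, two lines above it, attributes to librsync ("Fixes the equivalent of librsync's CVE-2014-8242 issue") rather than to rsync. If tooling matches `CVE:` tags against per-product vulnerability records, this tag may never line up with an rsync entry, or may read as if the ID had been assigned to rsync. It would help to confirm that the ID is also tracked against rsync and to say so in the header, for example `CVE-2014-8242 was assigned to librsync; rsync shares the weakness and this backport addresses it.`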
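--- a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
+++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
@@ -11,6 +11,7 @@ Author: Vitezslav Cizek <vcizek@suse.cz>
 Bug-Debian: https://bugs.debian.org/774669
 
 Upstream-Status: Pending
+CVE: CVE-2015-1197
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 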
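--- a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624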
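--- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
+++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
@@ -10,6 +10,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
 Upstream-Status: Inappropriate [other]
 This version of GNU Grep has been abandoned upstream and they are no longer
 accepting patches. This is not a backport.
+CVE: CVE-2012-5667
 
 Signed-off-by Ming Liu <ming.liu@windriver.com>
 ---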
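--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Fix CVE-2013-0211
 This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
 
 Upstream-Status: Backport
+CVE: CVE-2013-0211
 
 Signed-off-by: Baogen shang <baogen.shang@windriver.com>
 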
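--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
@@ -7,6 +7,7 @@ This fixes a directory traversal in the cpio tool.
 
 
 Upstream-Status: backport
+CVE: CVE-2015-2304
 
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---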
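--- a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
+++ b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
@@ -13,6 +13,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2014-7844
 ---
 mailx.1 | 14 ++++++++++++++
 names.c | 3 +++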
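--- a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
+++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
@@ -7,6 +7,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2004-2771
 ---
 fio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)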
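--- a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
+++ b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
@@ -36,6 +36,7 @@ Date: Thu Aug 6 16:27:20 2015 +0200
 Signed-off-by: Olaf Kirch <okir@...e.de>
 
 Upstream-Status: Backport
+CVE: CVE-2015-7236
 
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---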
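--- a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
+++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
@@ -10,6 +10,7 @@ This is time consuming and will overflow stack if n is huge.
 Fixes CVE-2015-6806
 
 Upstream-Status: Backport
+CVE: CVE-2015-6806
 
 Signed-off-by: Kuang-che Wu <kcwu@csie.org>
 Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>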
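--- a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624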
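--- a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
+++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
@@ -3,6 +3,7 @@ Subject: unzip files encoded with non-latin, non-unicode file names
 Last-Update: 2015-02-11
 
 Upstream-Status: Backport
+CVE: CVE-2015-1315
 
 Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
 to fix buffer overflow in charset_to_intern()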
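--- a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8139
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 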
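--- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8140
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 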
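--- a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
+++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8141
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 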
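--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7696
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001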
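--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7697
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001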
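--- a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
+++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
@@ -4,6 +4,7 @@ Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow
 
 Upstream-Status: Backport
+CVE: CVE-2014-9636
 
 By carefully crafting a corrupt ZIP archive with "extra fields" that
 purport to have compressed blocks larger than the corresponding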
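--- a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -9,6 +9,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
 the patch come from:
 https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
 
+CVE: CVE-2013-4342
 Signed-off-by: Li Wang <li.wang@windriver.com>
 ---
 xinetd/builtins.c | 2 +-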
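--- a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2014-9676
 
 Backport patch to fix CVE-2014-9676.
 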
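--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -11,6 +11,7 @@ git://git.gnupg.org/libgcrypt.git
 exponents in secure memory.
 
 Upstream-Status: Backport
+CVE: CVE-2013-4242
 
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
 --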
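--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4351
 
 Index: gnupg-1.4.7/g10/getkey.c
 ===================================================================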
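--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4576
 
 Index: gnupg-1.4.7/cipher/dsa.c
 ===================================================================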
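--- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -17,6 +17,7 @@ Date: Thu Dec 20 09:43:41 2012 +0100
 (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
 
 Upstream-Status: Backport
+CVE: CVE-2012-6085
 
 Signed-off-by: Saul Wold <sgw@linux.intel.com>
 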
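--- a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
@@ -8,6 +8,7 @@ We need to check that the parent node is an element before dereferencing
 its namespace
 
 Upstream-Status: Backport
+CVE: CVE-2015-7995
 
 https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
 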
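--- a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
+++ b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
@@ -10,6 +10,7 @@ The patch comes from
 https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
 
 Upstream-Status: Backport
+CVE: CVE-2014-9130
 
 Signed-off-by: Yue Tao <yue.tao@windriver.com>
 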
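--- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
+++ b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2012-2738
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
 From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001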