path: root/meta/recipes-core
Commit message | Author | Age | Files | Lines
* glibc: CVE-2015-7547 | Sona Sarmadi | 2016-02-26 | 2 | -0/+622

  getaddrinfo stack-based buffer overflow

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  https://sourceware.org/bugzilla/show_bug.cgi?id=18665
  https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
  https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-7500 | Sona Sarmadi | 2016-02-25 | 3 | -0/+271

  Fixes Heap buffer overflow in xmlParseMisc

  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-8242 | Sona Sarmadi | 2016-02-25 | 2 | -0/+50

  Fixes buffer overread with HTML parser in push mode in xmlSAX2TextNode [NEEDINFO].

  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-8317 | Sona Sarmadi | 2016-02-25 | 2 | -0/+43

  Fixes out-of-bounds heap read when parsing file with unfinished xml declaration.

  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc: CVE-2015-8779 | Sona Sarmadi | 2016-02-04 | 2 | -0/+233

  Fixes an overflow vulnerability causing applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code.

  (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)

  References:
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8779

  Upstream bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=17905

  CVE assignment:
  http://seclists.org/oss-sec/2016/q1/153

  Reference to the upstream fix:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc: CVE-2015-8778 | Sona Sarmadi | 2016-02-04 | 2 | -0/+188

  Fixes integer overflow in hcreate and hcreate_r.

  References:
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8778

  Upstream bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=18240

  CVE assignment:
  http://seclists.org/oss-sec/2016/q1/153

  Upstream fix:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=287de30e170cb765ed326d23d22791a81aab6e0f

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc: CVE-2015-8777 | Sona Sarmadi | 2016-02-03 | 2 | -0/+89

  The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

  (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)

  References:
  https://sourceware.org/bugzilla/show_bug.cgi?id=18928
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777

  Reproducing steps available at:
  http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

  CVE request:
  http://seclists.org/oss-sec/2015/q3/504

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc: CVE-2015-8776 | Sona Sarmadi | 2016-02-03 | 2 | -0/+161

  It was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information.

  (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee)

  References:
  Upstream bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=18985

  CVE assignment:
  http://seclists.org/oss-sec/2016/q1/153
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8776

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc: CVE-2014-9761 | Sona Sarmadi | 2016-02-03 | 3 | -0/+1330

  A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.

  (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)

  References:
  Upstream bug:
  https://sourceware.org/bugzilla/show_bug.cgi?id=16962

  CVE assignment:
  http://seclists.org/oss-sec/2016/q1/153

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-8241 | Sona Sarmadi | 2015-11-24 | 2 | -0/+42

  Upstream bug (contains reproducer):
  https://bugzilla.gnome.org/show_bug.cgi?id=756263

  Upstream patch:
  https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-8035 | Sona Sarmadi | 2015-11-20 | 2 | -0/+36

  Fixes DoS when parsing specially crafted XML document if XZ support is enabled.

  References:
  https://bugzilla.gnome.org/show_bug.cgi?id=757466

  Upstream correction:
  https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* libxml2: CVE-2015-7942 | Sona Sarmadi | 2015-11-03 | 2 | -0/+59

  Fixes heap-based buffer overflow in xmlParseConditionalSections().

  Upstream patch:
  https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

  Upstream bug:
  https://bugzilla.gnome.org/show_bug.cgi?id=756456

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* glibc/wscanf: CVE-2015-1472 | Sona Sarmadi | 2015-10-22 | 2 | -0/+109

  Fixes a heap buffer overflow in glibc wscanf.

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
  https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
  http://openwall.com/lists/oss-security/2015/02/04/1

  Reference to upstream fix:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

* initial commit for Enea Linux 5.0 arm | Tudor Florea | 2015-10-09 | 486 | -0/+64612

  Signed-off-by: Tudor Florea <tudor.florea@enea.com>