Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add "CVE:" tag to current patches in OE-core | Mariano Lopez | 2016-01-11 | 1 | -0/+1 |
| | | | | | | | | | | | | | | The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. (From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
* | gnupg: CVE-2013-4242 | Kai Kang | 2014-10-18 | 1 | -0/+62 |
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in git://git.gnupg.org/libgcrypt.git (From OE-Core rev: d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c) Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |