summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* eglibc: CVE-2014-7817 wordexp fails to honour WRDE_NOCMDSona Sarmadi2015-07-062-0/+165
| | | | | | | | | | | | Command execution in wordexp() with WRDE_NOCMD specified Changes in the NEWS and ChangeLog files from the original upstream commit have been ignored Reference https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-5119 fixArmin Kuster2015-07-062-0/+241
| | | | | | | | | | | | | | | __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). (From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* Qemu: CVE-2014-2894Sona Sarmadi2015-07-062-1/+48
| | | | | | | | | | Fixes an out of bounds memory access flaw in Qemu's IDE device model Reference http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* binutils: several security fixesSona Sarmadi2015-07-069-0/+1148
| | | | | | | | | | | | CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: fix for CVE-2014-8500Sona Sarmadi2015-07-062-0/+991
| | | | | | | | | | | | | | | | A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. External References: =================== https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\ Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* Fix CVE-2014-3568Catalin Popeanga2015-07-062-0/+99
| | | | | | | | Fix no-ssl3 configuration option This patch is a backport from OpenSSL_1.0.1j. Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3567Catalin Popeanga2015-07-062-0/+32
| | | | | | | | Fix for session tickets memory leak. This patch is a backport from OpenSSL_1.0.1j. Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3513Catalin Popeanga2015-07-062-0/+211
| | | | | | | | Fix for SRTP Memory Leak This patch is a backport from OpenSSL_1.0.1j. Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix-CVE-2014-3566Catalin Popeanga2015-07-062-0/+500
| | | | | | | | OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE2014-3566) This patch is a backport from OpenSSL_1.0.1j. Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* bash-Upgrade-shell-to-fix-the-ShellShockCatalin Popeanga2015-07-062-0/+109
| | | | Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix for OpenSSL security vulnerabilitiesSona Sarmadi2015-07-067-0/+303
| | | | | | | | | | 1) DTLS invalid fragment vulnerability (CVE-2014-0195) 2) DTLS recursion flaw (CVE-2014-0221) 3) SSL/TLS MITM vulnerability (CVE-2014-0224) 4) Anonymous ECDH denial of service (CVE-2014-3470) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com>
* initial commit for Enea Linux 4.0Adrian Dudau2014-06-263651-0/+348560
Migrated from the internal git server on the daisy-enea branch Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-22 06:03:10 +0000