summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: CVE-2015-7500Sona Sarmadi2016-02-253-0/+271
| | | | | | | | | | Fixes Heap buffer overflow in xmlParseMisc Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* libxml2: CVE-2015-8242Sona Sarmadi2016-02-252-0/+50
| | | | | | | | | | Fixes buffer overread with HTML parser in push mode in xmlSAX2TextNode [NEEDINFO]. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* libxml2: CVE-2015-8317Sona Sarmadi2016-02-252-0/+43
| | | | | | | | | | | Fixes out-of-bounds heap read when parsing file with unfinished xml declaration. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc: CVE-2015-8779Sona Sarmadi2016-02-042-0/+233
| | | | | | | | | | | | | | | | | | | | Fixes an overflow vulnerability causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) Rferences: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8779 Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=17905 CVE assignment: http://seclists.org/oss-sec/2016/q1/153 Reference to the upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h= 0f58539030e436449f79189b6edab17d7479796e Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc: CVE-2015-8778Sona Sarmadi2016-02-042-0/+188
| | | | | | | | | | | | | | | Fixes integer overflow in hcreate and hcreate_r. References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8778 Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=18240 CVE assignment: http://seclists.org/oss-sec/2016/q1/153 Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=287de30e170cb765ed326d23d22791a81aab6e0f Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc: CVE-2015-8777Sona Sarmadi2016-02-032-0/+89
| | | | | | | | | | | | | | | | | | | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) References: https://sourceware.org/bugzilla/show_bug.cgi?id=18928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777 Reproducing steps available at: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html CVE request: http://seclists.org/oss-sec/2015/q3/504 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc: CVE-2015-8776Sona Sarmadi2016-02-032-0/+161
| | | | | | | | | | | | | | | | It was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) References: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=18985 CVE assignment: http://seclists.org/oss-sec/2016/q1/153 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8776 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc: CVE-2014-9761Sona Sarmadi2016-02-033-0/+1330
| | | | | | | | | | | | | | | A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) References: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16962 CVE assignment: http://seclists.org/oss-sec/2016/q1/153 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* gnutls: CVE-2015-6251Sona Sarmadi2016-01-222-0/+28
| | | | | | | | | | | | | | | | | Fixes double free flaw in certificate DN decoding. (Add back the patch inappropriately removed) References: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251 Upstream fix: https://gitlab.com/gnutls/gnutls/commit/ 272854367efc130fbd4f1a51840d80c630214e12 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* openssh: CVE-2016-0777 and CVE-2016-0778Sona Sarmadi2016-01-222-1/+59
| | | | | | | | | | | | | | | | | | | | Fixes following CVEs: CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming connections References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778 Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/ ?id=9845a542a76156adb5aef6fd33ad5bc5777acf64 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* bind: CVE-2015-8704Sona Sarmadi2016-01-222-0/+49
| | | | | | | | | | | | | A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. References: https://kb.isc.org/article/AA-01335 https://kb.isc.org/article/AA-00913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* initial commit for Enea Linux 5.0-ppcAdrian Dudau2016-01-1510-100/+146
| | | | Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* gnutls: CVE-2015-6251Sona Sarmadi2016-01-082-0/+28
| | | | | | | | | | | | | | | | Fixes double free flaw in certificate DN decoding. References: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251 Upstream fix: https://gitlab.com/gnutls/gnutls/commit/ 272854367efc130fbd4f1a51840d80c630214e12 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* bind: CVE-2015-8000Sona Sarmadi2015-12-212-0/+195
| | | | | | | | | | | | | | | | | | Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Huimin She <huimin.she@enea.com>
* openssl: CVE-2015-3194, CVE-2015-3195Sona Sarmadi2015-12-143-0/+96
| | | | | | | | | | | | | Fixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* libxml2: CVE-2015-8241Sona Sarmadi2015-11-242-0/+42
| | | | | | | | | | | | Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id= ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* libxml2: CVE-2015-8035Sona Sarmadi2015-11-202-0/+36
| | | | | | | | | | | | | | | Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Armin Kuster2015-11-124-0/+589
| | | | | | | | | | three security fixes. (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* libxml2: CVE-2015-7942Sona Sarmadi2015-11-032-0/+59
| | | | | | | | | | | | | | Fixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea2015-10-293-0/+71
| | | | | | | | | | | | CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* glibc/wscanf: CVE-2015-1472Sona Sarmadi2015-10-222-0/+109
| | | | | | | | | | | | | | | | Fixes a heap buffer overflow in glibc wscanf. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* python: Backport CVE-2013-1752 fix from upstreamTudor Florea2015-10-225-0/+385
| | | | Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* python: Backport CVE-2013-1752 fix from upstreamTudor Florea2015-10-222-0/+46
| | | | Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* initial commit for Enea Linux 5.0 armTudor Florea2015-10-094074-0/+426612
Signed-off-by: Tudor Florea <tudor.florea@enea.com>