| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
__gconv_translit_find: Disable function [BZ #17187]
This functionality has never worked correctly, and the implementation
contained a security vulnerability (CVE-2014-5119).
(From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
Fixes an out of bounds memory access flaw
in Qemu's IDE device model
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and
processed, would cause named to use excessive amounts of memory
or crash.
External References:
===================
https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\
Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
| |
Fix no-ssl3 configuration option
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
Fix for session tickets memory leak.
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
Fix for SRTP Memory Leak
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE2014-3566)
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
| |
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
1) DTLS invalid fragment vulnerability (CVE-2014-0195)
2) DTLS recursion flaw (CVE-2014-0221)
3) SSL/TLS MITM vulnerability (CVE-2014-0224)
4) Anonymous ECDH denial of service (CVE-2014-3470)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
|
|
Migrated from the internal git server on the daisy-enea branch
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|