From a75936df894f92f225f9545d0b5f2d65f5020184 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Tue, 11 Sep 2018 10:37:40 +0100
Subject: lrzsz: fix CVE-2018-10195

"Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak
information to receiver."

Take a patch from Fedora to resolve CVE-2018-10195.

(From OE-Core rev: a7b50fcee9a295de57f743fa3637905992da722e)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb')

diff --git a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
index 4b349be32f..002c774c6d 100644
--- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
 	   file://acdefine.patch \
 	   file://lrzsz_fix_for_automake-1.12.patch \
            file://lrzsz-check-locale.h.patch \
+           file://cve-2018-10195.patch \
            "
 
 SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"
-- 
cgit v1.2.3-54-g00ecf