From 57e2046e575c85d5963b108792a28fc166329234 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Fri, 20 Feb 2015 11:37:37 +0100
Subject: eglibc: CVE-2014-9402 denial of service in getnetbyname

getnetbyname function in eglibc 2.21 and earlier will
enter an infinite loop if the DNS backend is activated
in the system Name Service Switch configuration, and the
DNS resolver receives a positive answer while processing
the networkname.

Reference
https://sourceware.org/bugzilla/show_bug.cgi?id=17630

Changes in the NEWS and ChangeLog files from the original upstream
commit have been ignored

Upstream commit that fixes this issue:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;
h=11e3417af6e354f1942c68a271ae51e892b2814d

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 meta/recipes-core/eglibc/eglibc_2.19.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/eglibc/eglibc_2.19.bb')

diff --git a/meta/recipes-core/eglibc/eglibc_2.19.bb b/meta/recipes-core/eglibc/eglibc_2.19.bb
index 1ef1a429d2..a0c605c7c7 100644
--- a/meta/recipes-core/eglibc/eglibc_2.19.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.19.bb
@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr25
            file://CVE-2014-5119.patch \
            file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
            file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
+           file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
           "
 SRC_URI[md5sum] = "197836c2ba42fb146e971222647198dd"
 SRC_URI[sha256sum] = "baaa030531fc308f7820c46acdf8e1b2f8e3c1f40bcd28b6e440d1c95d170d4c"
-- 
cgit v1.2.3-54-g00ecf