From 3112f71d69204e618487250c400ad3bbf656d68e Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Wed, 21 Oct 2015 09:32:03 +0200
Subject: glibc/wscanf: CVE-2015-1472

Fixes a heap buffer overflow in glibc wscanf.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1

Reference to upstream fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;
h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 meta/recipes-core/glibc/glibc_2.20.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/glibc/glibc_2.20.bb')

diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index a0736cdeec..cfbc1c2956 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -48,6 +48,7 @@ CVEPATCHES = "\
         file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
         file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
         file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
+        file://CVE-2015-1472-wscanf-allocates-too-little-memory.patch \
     "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
       file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-- 
cgit v1.2.3-54-g00ecf