From e5c011b041dc27cdfeb840b6933dcb9752886bb9 Mon Sep 17 00:00:00 2001 From: Mariano Lopez Date: Fri, 8 Jan 2016 12:03:58 +0000 Subject: Add "CVE:" tag to current patches in OE-core The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. (From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669) Signed-off-by: Mariano Lopez Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch | 1 + meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch | 1 + meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch | 1 + meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | 1 + meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch | 1 + meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch | 1 + meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch | 1 + 7 files changed, 7 insertions(+) (limited to 'meta/recipes-support') diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch index c9addca28e..f0667741c8 100644 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch @@ -11,6 +11,7 @@ git://git.gnupg.org/libgcrypt.git exponents in secure memory. Upstream-Status: Backport +CVE: CVE-2013-4242 Signed-off-by: Kai Kang -- diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch index b29ede4233..b50a32f40c 100644 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2013-4351 Index: gnupg-1.4.7/g10/getkey.c =================================================================== diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch index b1a22f5853..5dcde1f9cb 100644 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2013-4576 Index: gnupg-1.4.7/cipher/dsa.c =================================================================== diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch index 8b5d9a1693..362717636b 100644 --- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch @@ -17,6 +17,7 @@ Date: Thu Dec 20 09:43:41 2012 +0100 (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) Upstream-Status: Backport +CVE: CVE-2012-6085 Signed-off-by: Saul Wold diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch index e4d09c2ac7..f4113efba9 100644 --- a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch +++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch @@ -8,6 +8,7 @@ We need to check that the parent node is an element before dereferencing its namespace Upstream-Status: Backport +CVE: CVE-2015-7995 https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 diff --git a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch index 3c4a00ef3e..61fa7e5692 100644 --- a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch +++ b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch @@ -10,6 +10,7 @@ The patch comes from https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Upstream-Status: Backport +CVE: CVE-2014-9130 Signed-off-by: Yue Tao diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch index 2407771804..9b9980397a 100644 --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch +++ b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch @@ -1,4 +1,5 @@ Upstream-Status: Backport +CVE: CVE-2012-2738 Signed-off-by: Ross Burton From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001 -- cgit v1.2.3-54-g00ecf