Commmon distro layer for Enea Linux https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=pyro 2018-10-29T11:00:01+00:00 2018-10-29T11:00:01+00:00 Dan Andresan Dan.Andresan@enea.com 2018-10-29T11:00:01+00:00 urn:sha1:6dfe6d721a12a0527364d810020f8ac5ae486e2f 2018-10-26T09:22:41+00:00 Dan Andresan Dan.Andresan@enea.com 2018-10-26T08:26:16+00:00 urn:sha1:ca46203a1fdcf2a83b1a4f41a8b5ef9eb2b787e6 libcroco in the upstream pyro is 0.6.11. CVE: CVE-2017-7961 Reference: CVE-2017-7961 https://gitlab.gnome.org/GNOME/libcroco/commit/9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Change-Id: I7769b73a81e012d52309e0f47b24d99b23eb4a05 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com> 2018-10-25T13:26:08+00:00 Andreas Wellving andreas.wellving@enea.com 2018-09-13T10:57:35+00:00 urn:sha1:5b1da299fd7359849d2c4ffda796bba999bf8f7e CVE: CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 Curl in the upstream pyro is 7.53.1. CVE-2018-1000120 affected versions are 7.12.3 to and including 7.58.0 CVE-2018-1000121 affected versions are 7.21.0 to and including 7.58.0 CVE-2018-1000122 affected versions are 7.20.0 to and including 7.58.0 CVE-2018-1000301 affected versions are 7.20.0 to and including 7.59.0 Reference: CVE-2018-1000120 https://curl.haxx.se/CVE-2018-1000120.patch CVE-2018-1000121 https://curl.haxx.se/CVE-2018-1000121.patch CVE-2018-1000122 https://curl.haxx.se/CVE-2018-1000122.patch CVE-2018-1000301 https://curl.haxx.se/CVE-2018-1000301.patch Change-Id: I0b7269c83e1662ed16a1b216853c3b4408889954 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com> 2018-03-02T12:38:13+00:00 Sona Sarmadi sona.sarmadi@enea.com 2018-02-22T10:17:17+00:00 urn:sha1:3794f1d384d9bb8d436b830f762eee8e5457fd64 HTTP/2 trailer out-of-bounds read An out-of-bounds read in code handling HTTP/2 trailers was found. This could lead to a denial-of-service or an information disclosure in some circumstances. Affected versions: libcurl 7.49.0 to and including 7.57.0 Upstream patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:34:56+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-04T10:57:40+00:00 urn:sha1:c207a4bc5d80dae6cc430df04bddaceac04687e6 FTP wildcard out of bounds read References: https://curl.haxx.se/docs/adv_2017-ae72.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:34:56+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-04T10:57:39+00:00 urn:sha1:0d571b4ef52c14ca5ea8faa1d6ffb7ec4992f9e8 NTLM buffer overflow via integer overflow References: https://curl.haxx.se/docs/adv_2017-12e7.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:34:56+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-04T10:57:38+00:00 urn:sha1:fac9f6136eed7dcba3d09c04f58bdcc0694c7437 IMAP FETCH response out of bounds read References: https://curl.haxx.se/docs/adv_20171023.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:34:56+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-04T10:57:37+00:00 urn:sha1:be2fdb1cf46dfb5b14b98378ce5a5360afc734a7 FTP PWD response parser out of bounds read References: https://curl.haxx.se/docs/adv_20171004.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-11-24T14:06:10+00:00 Adrian Dudau adrian.dudau@enea.com 2017-11-23T13:42:39+00:00 urn:sha1:9793975ed89d6ca38bdee19ac228bb65d87c9f09 The patch is already applied in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-11-24T14:06:10+00:00 Adrian Dudau adrian.dudau@enea.com 2017-11-22T11:45:41+00:00 urn:sha1:897a7bfe82b0ddc5dee59c1d36fe8cf9fd7ce499 These CVEs have been fixed in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>