Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=dizzy 2014-12-27T02:04:33+00:00 2014-12-27T02:04:33+00:00 Martin Jansa Martin.Jansa@gmail.com 2014-12-06T07:01:57+00:00 urn:sha1:4bf3c443a56749f332913d3435f1850ab8207a8e * this makes it easier to unblacklist it from local.conf which is parsed before the recipes Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2014-12-01T13:24:50+00:00 Roy Li rongqing.li@windriver.com 2014-10-30T05:37:26+00:00 urn:sha1:9167cec3d6f2ae63b3a407d70eb5137c19b993a7 Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2014-12-01T13:24:50+00:00 Roy Li rongqing.li@windriver.com 2014-10-30T05:37:25+00:00 urn:sha1:59b1d88761ed98a2bd6a4ab4a68962773a473463 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2014-12-01T13:24:50+00:00 Ben Shelton ben.shelton@ni.com 2014-10-29T14:39:07+00:00 urn:sha1:71fa1879f486f8ffb0be03744e8d27e9eaa5d693 In the commit 'openvpn: use default iproute2 path', the configure flag to explicitly set the iproute2 path was removed, since busybox now provides the 'ip' applet at the default path. However, setting this flag is necessary to bypass the configure-time check for /sbin/ip on the host, which will otherwise fail if iproute2 is not installed on the host. Add back the flag (pointing to the correct path), and add a comment to describe why this is necessary. Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-30T08:07:58+00:00 Armin Kuster akuster808@gmail.com 2014-10-13T15:21:51+00:00 urn:sha1:3f7b49d039a169be88236e1b3e4bca25c6814284 * This is the first time meta-python is being taged with a release Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-30T08:00:07+00:00 Yue Tao Yue.Tao@windriver.com 2014-10-23T08:29:15+00:00 urn:sha1:8d50adfe536f3dc94313318f834946e634441c8a Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-30T08:00:07+00:00 Yue Tao Yue.Tao@windriver.com 2014-10-23T08:29:14+00:00 urn:sha1:700078d6646c79a784cec2cb0a491687e3edd21b Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3587 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-30T08:00:07+00:00 Yue Tao Yue.Tao@windriver.com 2014-10-23T08:29:13+00:00 urn:sha1:81aecee0eda7600e6a6ae3f8264b2a1bc7a57f04 gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-27T11:50:09+00:00 Martin Jansa Martin.Jansa@gmail.com 2014-10-07T01:08:55+00:00 urn:sha1:0558ea06b14c45aabe04fa92df4f2765dac6aa49 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2014-10-27T11:49:59+00:00 Eduardo Silva eduardo@monkey.io 2014-10-17T03:01:35+00:00 urn:sha1:39357871df157f2cb0013599758143fb006cfe9d This patch add the new Monkey HTTP Server v1.5.4. For more details about software changes please visit: http://monkey-project.com/Announcements/v1.5.4 === Build Tests == This version have been tested on Yocto/Daisy based on RPM. monkey-yocto/a617991e40bd5c3779ad7b3689f78857d3e45248 Signed-off-by: Eduardo Silva <eduardo@monkey.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>