Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=jethro-14.0.1 2016-02-24T09:04:22+00:00 2016-02-24T09:04:22+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-02-24T09:04:05+00:00 urn:sha1:b1f23d1254682866236bfaeb843c0d8aa332efc2 (From OE-Core rev: 0c702756dd0009c4112028fbf2479a346867b32c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21T09:37:33+00:00 Armin Kuster akuster@mvista.com 2016-02-10T16:14:19+00:00 urn:sha1:7fe17a2942ff03e2ec47d566fd5393f52b2eb736 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21T09:37:33+00:00 Armin Kuster akuster@mvista.com 2016-02-10T16:12:59+00:00 urn:sha1:50700a7da68489e6d3bc8a3336875d8274302ea9 CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines (From OE-Core rev: ca7cbcf22558349f0b43ed7dc84ad38d7c178c55) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21T09:37:33+00:00 Armin Kuster akuster@mvista.com 2016-02-13T17:34:00+00:00 urn:sha1:1f0e615becfd0137e1ce13f79a2b81276b385b85 CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves affects libgcrypt < 1.6.5 Patch 1 is a dependancy patch. simple macro name change. Patch 2 is the cve fix. (From OE-Core rev: c691ce99bd2d249d6fdc4ad58300719488fea12c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21T09:37:33+00:00 Armin Kuster akuster@mvista.com 2016-02-10T23:46:01+00:00 urn:sha1:dc5f155e159b1186cccc022f402a6af75e322916 CVE-2016-2225 Make sure to always terminate decoded string This change is being provide to comply to Yocto compatiblility. (From OE-Core rev: 093d76f3f4a385aae46304bd572ce1545c6bcf33) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21T09:37:32+00:00 Armin Kuster akuster@mvista.com 2016-02-10T23:42:34+00:00 urn:sha1:ef135112fde82f653e83f8f1ef473c38fda7119a CVE-2016-2224 Do not follow compressed items forever. This change is being provide to comply to Yocto compatiblity. (From OE-Core rev: 4fe0654253d7444f2c445a30b06623cef036b2bb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-18T10:57:11+00:00 Armin Kuster akuster@mvista.com 2016-02-12T00:20:34+00:00 urn:sha1:ae57ea03c6a41f2e3b61e0c157e32ca7df7b3c4b CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd affects libbsd <= 0.8.1 (and therefore not needed in master) (From OE-Core rev: e56aba3a822f072f8ed2062a691762a4a970a3f0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-18T07:42:07+00:00 Armin Kuster akuster@mvista.com 2016-02-17T19:02:14+00:00 urn:sha1:eb9666a3e2ee659fc47cd137205299eb6b6d817a CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: cf754c5c806307d6eb522d4272b3cd7485f82420) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07T22:57:07+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-02-07T22:57:00+00:00 urn:sha1:5b12268f6e17574999f91628a60e21711cf62ee4 (From OE-Core rev: 05e551d821594b0f4c06328386b6a82e0801ac2a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07T22:55:24+00:00 Armin Kuster akuster@mvista.com 2016-02-05T16:58:42+00:00 urn:sha1:a3a374a639b5d3c0be1e73d23615231dfc0798ce CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use (From OE-Core rev: 8322814c7f657f572d5c986652e708d6bd774378) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>