xz: fix CVE-2022-1271 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ralph Siemsen <ralph.siemsen@linaro.org>	2022-04-08 22:16:33 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-22 16:12:18 +0100
commit	b19991bf95a98985210b5101b313b5ac598226b9 (patch)
tree	9b72a7ba38106100248dee71800f19e8559d3a0a /scripts/pybootchartgui/pybootchartgui.py
parent	401c83d4f881d0e3d0b4feb9c9f5b75f956844d2 (diff)
download	poky-b19991bf95a98985210b5101b313b5ac598226b9.tar.gz

xz: fix CVE-2022-1271

Malicious filenames can make xzgrep to write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution. Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch] CVE: CVE-2022-1271 (From OE-Core rev: dd6239a0f6173115968278cfd58a5efa228aee7d) Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 97bf86ccde4417daec8ef3945071a50a09134bc6) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/pybootchartgui/pybootchartgui.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: