]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 3c58712) | patch
dpkg: upgrade to 1.17.25
authorRoy Li <rongqing.li@windriver.com>
Wed, 29 Apr 2015 08:09:38 +0000 (16:09 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 30 Apr 2015 22:01:28 +0000 (23:01 +0100)
commit079445990f51f98c8d4f9397dec0ed91ca2490c3
treed70b2a8f9ed964c74996ff2234183ed2f0eb468dtree | snapshot
parent3c58712465494e441c4036a7cf21d2e6d343efabcommit | diff
dpkg: upgrade to 1.17.25

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/dpkg/dpkg_1.17.25.bb [moved from meta/recipes-devtools/dpkg/dpkg_1.17.21.bb with 81% similarity] diff | blob | history
Mirror of the official openembedded-core repository