]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 42660b3) | patch
lrzsz: fix CVE-2018-10195
authorRoss Burton <ross.burton@intel.com>
Tue, 11 Sep 2018 09:37:40 +0000 (10:37 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 27 Sep 2018 11:16:47 +0000 (12:16 +0100)
commit0a1ff2a8df4a4033b23ce1513ec02711005d6883
tree9c3676312962443d9eb2597c69b5be65ededf559tree | snapshot
parent42660b3817396c24d1ecac02339f4d9ae6b146b5commit | diff
lrzsz: fix CVE-2018-10195

"Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak
information to receiver."

Take a patch from Fedora to resolve CVE-2018-10195.

(From OE-Core rev: a7b50fcee9a295de57f743fa3637905992da722e)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch [new file with mode: 0644] blob
meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb diff | blob | history
Mirror of the official openembedded-core repository