code.ossystems Code Review - openembedded-core.git/commit
readline: Security Advisory - readline - CVE-2014-2524
author Kai Kang <kai.kang@windriver.com>
Wed, 15 Oct 2014 05:56:24 +0000 (13:56 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 18 Oct 2014 14:12:56 +0000 (16:12 +0200)
commit 0e95eef8817f51504dcc50d855dcbef172cfc897
tree 8d04c637121d854d59979715c8b2ec2c71a19078
parent d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c
readline: Security Advisory - readline - CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a symlink
attack on a /var/tmp/rltrace.[PID] file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
meta/recipes-core/readline/readline-6.3/readline63-003 [new file with mode: 0644]
meta/recipes-core/readline/readline_6.3.bb
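
The flaw class named in the commit message (a trace file at a predictable path, opened so that a pre-planted symlink is followed) next to a hardened open. This is an added example, not readline's source and not the contents of readline63-003. The function names, the file names and the `/tmp/rltrace-demo-XXXXXX` directory are assumptions, and the demo runs entirely inside a private `mkdtemp()` directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for the flaw class (assumption, not readline's source): a
   predictable path opened with fopen(), which follows a planted symlink. */
static FILE *trace_open_unsafe(const char *path) {
    return fopen(path, "w");
}

/* Hardened open: O_EXCL refuses any pre-existing name, symlinks included;
   O_NOFOLLOW and mode 0600 are defence in depth. */
static FILE *trace_open_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Constructed demo in a private mkdtemp() directory: "rltrace.1234" is a
   symlink to "victim". Returns victim's size after the opener is used. */
static long demo(int use_safe) {
    char dir[] = "/tmp/rltrace-demo-XXXXXX";
    char victim[64], trace[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(trace, sizeof trace, "%s/rltrace.1234", dir);
    FILE *v = fopen(victim, "w");
    if (v) { fputs("important data\n", v); fclose(v); }   /* 15 bytes */
    if (symlink(victim, trace) == 0) {
        FILE *fp = use_safe ? trace_open_safe(trace) : trace_open_unsafe(trace);
        if (fp) { fputs("x", fp); fclose(fp); }
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(trace); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe opener: victim is now %ld bytes\n", demo(0));
    printf("safe opener:   victim is now %ld bytes\n", demo(1));
    return 0;
}
```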