code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Yi Zhao <yi.zhao@windriver.com>
	Sun, 26 Sep 2021 03:16:42 +0000 (11:16 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sun, 26 Sep 2021 11:04:59 +0000 (12:04 +0100)
commit	1b857807f1cf8fee3175f8479a0c7cb1850bd9a9
tree	cd4d52b6288563b0e4a983dcba0636d8949d57d6	tree \| snapshot
parent	af19c44c4af68568de2ddb5c11d8ad34ac600522	commit \| diff

inetutils: fix CVE-2021-40491

CVE-2021-40491:
The ftp client in GNU Inetutils before 2.2 does not validate addresses
returned by PASV/LSPV responses to make sure they match the server
address. This is similar to CVE-2020-8284 for curl.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-40491

Patch from:
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/inetutils/inetutils_2.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom