]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 97b8197) | patch
inetutils: fix CVE-2021-40491
authorYi Zhao <yi.zhao@windriver.com>
Thu, 11 Nov 2021 12:57:23 +0000 (20:57 +0800)
committerAnuj Mittal <anuj.mittal@intel.com>
Mon, 22 Nov 2021 01:45:46 +0000 (09:45 +0800)
commit217e5f0857e0a542c4e02bbead4e91edc6eb9ecc
treebf257140ff34494d120f52e9940bfd7dc951a89etree | snapshot
parent97b819750b985f080c0e586aba0312bc0f62cdb9commit | diff
inetutils: fix CVE-2021-40491

CVE-2021-40491:
The ftp client in GNU Inetutils before 2.2 does not validate addresses
returned by PASV/LSPV responses to make sure they match the server
address. This is similar to CVE-2020-8284 for curl.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-40491

Patch from:
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd

(From OE-Core rev: 1b857807f1cf8fee3175f8479a0c7cb1850bd9a9)

drop changes to NEWS

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch [new file with mode: 0644] blob
meta/recipes-connectivity/inetutils/inetutils_2.0.bb diff | blob | history
Mirror of the official openembedded-core repository