code.ossystems Code Review - openembedded-core.git/commit
inetutils: fix CVE-2021-40491
author Minjae Kim <flowergom@gmail.com>
Sat, 18 Dec 2021 06:08:23 +0000 (22:08 -0800)
committer Steve Sakoman <steve@sakoman.com>
Sat, 18 Dec 2021 16:27:09 +0000 (06:27 -1000)
commit 22de3b937dda28a6aa4113549f32f36d67b6751d
tree 22fa1bf145e48955cfadf537f5ca0de6cdbfaf17
parent 9db3b4ac4018bcaedb995bc77a9e675c2bca468f
inetutils: fix CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses
returned by PASV/LSPV responses to make sure they match the server
address. This is similar to CVE-2020-8284 for curl.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-40491

Patch from:
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch [new file with mode: 0644]
meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
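
The check the commit message describes, shown as an added example (this is not the inetutils patch or any code from this commit): an FTP client accepts the endpoint in a PASV reply only when its host equals the address of the control connection. The function names `pasv_checked_port` and `pasv_check` are hypothetical, the replies are constructed, and only the IPv4 `227` form is handled.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: parse a "227 ... (h1,h2,h3,h4,p1,p2)" reply and accept
   the data endpoint only when its host equals ctl_peer, the address of the
   control connection (as getpeername() returns it, network byte order).
   Returns the data port, or -1 if the reply is malformed or names another host. */
int pasv_checked_port(const char *reply, struct in_addr ctl_peer)
{
    unsigned v[6], i, port;
    char close_paren;
    const char *s;

    if (strncmp(reply, "227 ", 4) != 0 || (s = strchr(reply, '(')) == NULL)
        return -1;
    /* %3u bounds each field's width; the trailing %c must be ')'. */
    if (sscanf(s, "(%3u,%3u,%3u,%3u,%3u,%3u%c", &v[0], &v[1], &v[2], &v[3],
               &v[4], &v[5], &close_paren) != 7 || close_paren != ')')
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    /* The validation the commit message says was missing: host == server. */
    if (htonl((v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3]) != ctl_peer.s_addr)
        return -1;
    port = (v[4] << 8) | v[5];
    return port ? (int)port : -1;
}

/* Convenience wrapper for the demo: control peer given as dotted-quad text. */
int pasv_check(const char *reply, const char *ctl_ip)
{
    struct in_addr peer;
    if (inet_pton(AF_INET, ctl_ip, &peer) != 1)
        return -1;
    return pasv_checked_port(reply, peer);
}

int main(void)
{
    /* Constructed replies; addresses come from the documentation ranges. */
    const char *srv = "192.0.2.10";
    printf("%d\n", pasv_check("227 Entering Passive Mode (192,0,2,10,19,137)", srv));
    printf("%d\n", pasv_check("227 Entering Passive Mode (198,51,100,7,19,137)", srv));
    return 0;
}
```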