code.ossystems Code Review - openembedded-core.git/commit
apt: fix for CVE-2014-0478
author Chong Lu <Chong.Lu@windriver.com>
Fri, 26 Sep 2014 01:49:19 +0000 (09:49 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 29 Sep 2014 16:49:10 +0000 (17:49 +0100)
commit 3dd692fcf2b0c11731b3f30abdf2b1878458a898
tree 5b0bb9632a200f53d99d96de67d056d50522d5c5
parent a414b17e1d783ad68a2d0f7d5922967449c05797
apt: fix for CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478

Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch [new file with mode: 0644]
meta/recipes-devtools/apt/apt.inc