]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 9ab2fc3) | patch
gnupg: integrate fix for CVE-2012-6085
authorRoss Burton <ross.burton@intel.com>
Mon, 29 Apr 2013 13:47:22 +0000 (14:47 +0100)
committerRoss Burton <ross.burton@intel.com>
Mon, 29 Apr 2013 13:56:03 +0000 (14:56 +0100)
commit44ed6605c1978325782d229d0c01329465c4c5c7
tree4b8ca55601cb689413ecbd7bb61348bab31bc41ftree | snapshot
parent9ab2fc380fe8b6e48c6501a4630cc3c583ed2da5commit | diff
gnupg: integrate fix for CVE-2012-6085

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085:
"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x
through 2.0.19, when importing a key, allows remote attackers to corrupt the
public keyring database or cause a denial of service (application crash) via a
crafted length field of an OpenPGP packet."

Patch taken from upstream git, which is identical in both branches.

Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch [new file with mode: 0644] blob
meta/recipes-support/gnupg/gnupg_1.4.7.bb diff | blob | history
meta/recipes-support/gnupg/gnupg_2.0.19.bb diff | blob | history
Mirror of the official openembedded-core repository