]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: e2032c5) | patch
cpio: fix CVE-2015-1197
authorRobert Yang <liezhi.yang@windriver.com>
Thu, 26 Mar 2015 09:18:09 +0000 (02:18 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 17 Apr 2015 21:38:34 +0000 (22:38 +0100)
commit68aaca0ff60a9cc770583d3dd89b0c4281b88675
treeec2213047e5d43a5be57b82a7d1c1986cceed8a0tree | snapshot
parente2032c5788f7a77aa0e4e8545b550551c23a25fbcommit | diff
cpio: fix CVE-2015-1197

Additional directory traversal vulnerability via symlinks
cpio CVE-2015-1197

Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

And fix the indent in SRC_URI.

[YOCTO #7182]

(From OE-Core rev: af18ce070bd1c73f3619d6370928fe7e2e06ff5e)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/cpio/cpio-2.11/cpio-CVE-2015-1197.patch [new file with mode: 0644] blob
meta/recipes-extended/cpio/cpio_2.11.bb diff | blob | history
Mirror of the official openembedded-core repository