]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 86838f1) | patch
shadow: fix CVE-2017-12424
authorChen Qi <Qi.Chen@windriver.com>
Wed, 16 Aug 2017 10:28:10 +0000 (18:28 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 17 Aug 2017 09:04:30 +0000 (10:04 +0100)
commit896495d4d2a9751e6e013a3498293b2443d7d809
tree10b8bcbad37497cc31f620991b6ab12a67dd46edtree | snapshot
parent86838f1c06002a62ded12a9a66d1eb82093c85a9commit | diff
shadow: fix CVE-2017-12424

Backport a patch to fix CVE-2017-12424.

In shadow before 4.5, the newusers tool could be made to manipulate
internal data structures in ways unintended by the authors.

link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424
CVE: CVE-2017-12424

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 [new file with mode: 0644] blob
meta/recipes-extended/shadow/shadow.inc diff | blob | history
Mirror of the official openembedded-core repository