code.ossystems Code Review - openembedded-core.git/commit

bash: CVE-2016-0634

A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.

Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634

CVE: CVE-2016-0634

(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)

(From OE-Core rev: a4b37b05140b549960baef49237ce3316e84a041)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

author	Zhixiong Chi <zhixiong.chi@windriver.com>
	Thu, 20 Apr 2017 07:04:54 +0000 (15:04 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 29 Aug 2017 14:11:37 +0000 (15:11 +0100)
commit	a75c9657f785be3b2d14b10a7044105329c88e8a
tree	c69d15618dcc651983777a9a94fa297cd6ef4a75	tree \| snapshot
parent	25b87ebfce7216b18e85b6bc5fc7f20bcf4cf31d	commit \| diff