]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 7195d21) | patch
libarchive: Security Advisory - libarchive - CVE-2015-2304
authorLi Zhou <li.zhou@windriver.com>
Fri, 24 Apr 2015 07:36:36 +0000 (15:36 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 15 May 2015 17:12:11 +0000 (18:12 +0100)
commitc944c1ee3f039979d93022bbbd76f61f57b1577f
tree348ce6d10b5ee558fccf2dc1d35937298a4b94ectree | snapshot
parent7195d219f7af2b94dffb87a94077ec98dacdcdb0commit | diff
libarchive: Security Advisory - libarchive - CVE-2015-2304

libarchive: Updated libarchive packages fix security vulnerability

Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.

(From OE-Core master rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/libarchive/libarchive/0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch [new file with mode: 0644] blob
meta/recipes-extended/libarchive/libarchive_3.1.2.bb diff | blob | history
Mirror of the official openembedded-core repository