]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 7538a9c) | patch
logrotate: fix for CVE-2011-1548
authorWenzong Fan <wenzong.fan@windriver.com>
Tue, 18 Jun 2013 02:28:50 +0000 (22:28 -0400)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 25 Jun 2013 16:30:32 +0000 (17:30 +0100)
commitd0e3fc1b28fc16200adbe690aa27124041036ba3
tree6f94ec91728e77765538bdb3fd3a96a574d28b3ftree | snapshot
parent7538a9cd0c6f0216ef95956ad86e2f88ebd4c8eacommit | diff
logrotate: fix for CVE-2011-1548

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.

Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch [new file with mode: 0644] blob
meta/recipes-extended/logrotate/logrotate_3.8.1.bb diff | blob | history
Mirror of the official openembedded-core repository