code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Ross Burton <ross.burton@intel.com>
	Thu, 2 Oct 2014 10:31:54 +0000 (11:31 +0100)
committer	Paul Eggleton <paul.eggleton@linux.intel.com>
	Sun, 12 Oct 2014 20:29:14 +0000 (21:29 +0100)
commit	d57b9ce8bb97f88c329da973c3567d04d8eb07d2
tree	9a44038cac5402807099a0ff23373d6fa9f407db	tree \| snapshot
parent	bf2d5380808bb3e0ad470e7853e3ae20617bbfd6	commit \| diff

bash: fix CVE-2014-6271

CVE-2014-6271 aka ShellShock.

"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."

(From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>

meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch	[new file with mode: 0644]	blob
meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch	[new file with mode: 0644]	blob
meta/recipes-extended/bash/bash_3.2.48.bb		diff \| blob \| history
meta/recipes-extended/bash/bash_4.2.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom