]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 6899428) | patch
libarchive: Security Advisory - libarchive - CVE-2015-2304
authorLi Zhou <li.zhou@windriver.com>
Fri, 24 Apr 2015 07:36:36 +0000 (15:36 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 28 Apr 2015 06:56:00 +0000 (07:56 +0100)
commite64a961e9c5e94e643896e4b68b85bd5b4c27470
treea60d350aa1606b73064c72ea30a772de3cd596abtree | snapshot
parent68994284f3c059b737bfc5afc2600ebd09bdf47fcommit | diff
libarchive: Security Advisory - libarchive - CVE-2015-2304

libarchive: Updated libarchive packages fix security vulnerability

Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/libarchive/libarchive/0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch [new file with mode: 0644] blob
meta/recipes-extended/libarchive/libarchive_3.1.2.bb diff | blob | history
Mirror of the official openembedded-core repository