code.ossystems Code Review - openembedded-core.git/commit

author	Yi Zhao <yi.zhao@windriver.com>
	Fri, 21 Feb 2020 20:59:42 +0000 (22:59 +0200)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Wed, 26 Feb 2020 03:15:34 +0000 (11:15 +0800)
commit	f0c7e7d03d1e9f7426031acdde3f7452118edd8c
tree	833286116fcd9059b7aad16527649b493586d9b9	tree \| snapshot
parent	53b94d0bc839eda408d90e15937746871b7546e3	commit \| diff

ppp: Security fix CVE-2020-8597

CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname
buffer overflow in the eap_request and eap_response functions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8597

Patch from:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

(From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/ppp/ppp_2.4.7.bb		diff \| blob \| history