]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d3b5f34) | patch
librepo: fix CVE-2020-14352
authorMinjae Kim <flowergom@gmail.com>
Wed, 3 Mar 2021 11:53:07 +0000 (20:53 +0900)
committerSteve Sakoman <steve@sakoman.com>
Fri, 5 Mar 2021 14:40:00 +0000 (04:40 -1000)
commitf0df1ff1de6ca9a239d7eafd335b753d6a6e6471
treebb813962d3ae77155caaf727ad14f44ebfeedb9ctree | snapshot
parentd3b5f34efbfb9b2db961a649da5ba6b275db5e0bcommit | diff
librepo: fix CVE-2020-14352

librepo: missing path validation in repomd.xml may lead to directory traversal

Upstream-Status: Acepted [https://github.com/rpm-software-management/librepo/commit/7daea2a2429a54dad68b1de9b37a5f65c5cf2600]
CVE: CVE-2020-14352
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/librepo/librepo/CVE-2020-14352.patch [new file with mode: 0644] blob
meta/recipes-devtools/librepo/librepo_1.11.2.bb diff | blob | history
Mirror of the official openembedded-core repository