Add "CVE:" tag to current patches in OE-core

The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.

This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
index f9252e9c222b22de628163070684bb0d0b038910..65ddcaf128b363d77ce73c13805c048a6fe43afb 100644 (file)
--- a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
+++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Accepted
+CVE: CVE-2015-8370
 Signed-off-by: Awais Belal <awais_belal@mentor.com>
 
 From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001

diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
index c9edb30597c6fae0c4f2608af3bb89bd48bb9ee5..c5a0be86f5c245a4b1c3bc72efe894d2557d8137 100644 (file)
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -3,6 +3,7 @@ ppp: Buffer overflow in radius plugin
 From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
 
 Upstream-Status: Backport
+CVE: CVE-2015-3310
 
 On systems with more than 65535 processes running, pppd aborts when
 sending a "start" accounting message to the RADIUS server because of a

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
index 72f77cc6bddef690fc2feca23f7ae3cab0ee4c32..b904e46bdaf465f96d3664bc4faaa67733ca719f 100644 (file)
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
@@ -4,6 +4,7 @@ Date: Fri, 6 Feb 2015 12:46:39 -0500
 Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs()
 
 Upstream-Status: Backport
+CVE: CVE-2015-1572
 
 The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
 s_first_meta_bg is too big" had a typo in the fix for

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
index 4de67c9704e81e76f34b34d9393497c868d8540d..5b6346b15079c9d2bd7ecc29d97fb3f5726377dc 100644 (file)
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
@@ -11,8 +11,8 @@ fs->desc_blocks.  This doesn't correct the bad s_first_meta_bg value,
 but it avoids causing the e2fsprogs userspace programs from
 potentially crashing.
 
-Fixes CVE-2015-0247
 Upstream-Status: Backport
+CVE: CVE-2015-0247
 
 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>

diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
index 84e8ddcca72f20387925366cf130e88931641c87..deba45fa864d592ed9ad690bc171bfb94973a02c 100644 (file)
--- a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
+++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
@@ -7,6 +7,7 @@ this patch is from:
  https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
 
 Upstream-Status: Backport
+CVE: CVE-2014-9447
 
 Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
 ---

diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
index b107e8f047dbd03ea3c150aece1b4b9240b83ae5..a2691f6da83a85ca590a8f8bd577616e1e40c143 100644 (file)
--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 14:36:56 +0000
 Subject: [PATCH 2/2] rpm: CVE-2013-6435
 
 Upstream-Status: Backport
+CVE: CVE-2013-6435
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435

diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
index bf1795ca49f9082a467b5abbbe4d9de080553ab7..985f150f0fe83b2e96a072f9abe6f822dc3184bc 100644 (file)
--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 12:56:55 +0000
 Subject: [PATCH 1/2] rpm: CVE-2014-8118
 
 Upstream-Status: Backport
+CVE: CVE-2014-8118
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=1168715

diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
index f054452f37f2da09d2ff327ec99f1e1daf48c00c..bea325ea05dee12457ec6398894c37522843814e 100644 (file)
--- a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+CVE: CVE-2007-4091
 
 The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
 address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
index 5ece5420a3adac2a44eff48fce8da4041dd4bccb..19e7f3916776dd053afcf2126c90333ea06074e2 100644 (file)
--- a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Complain if an inc-recursive path is not right for its dir.
  trasnfer path.
 
 Upstream-Status: BackPort
+CVE: CVE-2014-9512
 
 Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary
 files via a symlink attack on a file in the synchronization path.

diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
index 1fcac490aeb09e03d34f565522f04e20debb7953..c86f478ef1a9849f4fde50b70d063436c467b593 100644 (file)
--- a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
@@ -5,6 +5,7 @@ Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
  Fixes the equivalent of librsync's CVE-2014-8242 issue.
 
 Upstream-Status: Backport
+CVE: CVE-2014-8242
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---

diff --git a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
index 8f719ad8d6841e18fc02428fd467823680f0c704..5c999197ff1e603467b2ad655f7c272b506e78cd 100644 (file)
--- a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
+++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
@@ -11,6 +11,7 @@ Author: Vitezslav Cizek <vcizek@suse.cz>
 Bug-Debian: https://bugs.debian.org/774669
 
 Upstream-Status: Pending
+CVE: CVE-2015-1197
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 

diff --git a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
index 49a7cf52a6f77a4d0ed64a7501b81839b3fb3f9d..a31573510aef3a7fd235c2298095e0378ef721e9 100644 (file)
--- a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624

diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
index 059d0687b3fe8433804ac8fb514deac3154d628a..721f2a0a6347e163fee51a5bfab777f28e04ebe8 100644 (file)
--- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
+++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
@@ -10,6 +10,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
 Upstream-Status: Inappropriate [other]
 This version of GNU Grep has been abandoned upstream and they are no longer
 accepting patches.  This is not a backport.
+CVE: CVE-2012-5667
 
 Signed-off-by Ming Liu <ming.liu@windriver.com>
 ---

diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
index 126f80e0443f9b883103ddcab650ef01cabb1b3a..19523f4b89ae2674360712c9264220261eeadada 100644 (file)
--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Fix CVE-2013-0211
 This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
 
 Upstream-Status: Backport
+CVE: CVE-2013-0211
 
 Signed-off-by: Baogen shang <baogen.shang@windriver.com>
 

diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
index 4ca779c40f53743e71334c01b38f1f6a4187b32a..5c24396354c736e314129872c02064ab9c1bbf09 100644 (file)
--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
@@ -7,6 +7,7 @@ This fixes a directory traversal in the cpio tool.
 
 
 Upstream-Status: backport
+CVE: CVE-2015-2304
 
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---

diff --git a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
index 5d616458bc44981cd759cfcbc40938807b37ed06..13b955c4b5c85a80a6c269bc0b22173ced4519f0 100644 (file)
--- a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
+++ b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
@@ -13,6 +13,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2014-7844
 ---
  mailx.1 | 14 ++++++++++++++
  names.c |  3 +++

diff --git a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
index f65cfa8ca770c2ee0e48380dd441a3e1fcbe9dd2..ae14b8acfe5472a0bc06ba70973864d30f7f4066 100644 (file)
--- a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
+++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
@@ -7,6 +7,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2004-2771
 ---
  fio.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
index f156290bf6e79ec70536783366352866aea66b33..741a99035cb735d78f01c916a16f285e1f247825 100644 (file)
--- a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
+++ b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
@@ -36,6 +36,7 @@ Date:   Thu Aug 6 16:27:20 2015 +0200
     Signed-off-by: Olaf Kirch <okir@...e.de>
 
     Upstream-Status: Backport
+    CVE: CVE-2015-7236
 
     Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---

diff --git a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
index 2bc9a59beaf307a448c9d71440b41f477a45c8b8..4ac820fde2725ae21979b2d4bc0005369daa70d2 100644 (file)
--- a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
+++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
@@ -10,6 +10,7 @@ This is time consuming and will overflow stack if n is huge.
 Fixes CVE-2015-6806
 
 Upstream-Status: Backport
+CVE: CVE-2015-6806
 
 Signed-off-by: Kuang-che Wu <kcwu@csie.org>
 Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>

diff --git a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
index da2ae3cb0f9e3b1c2fbffe10ebd46d53118fe49e..af5026f5292d34f13ed0f3a00ba72a0bb00ebc0c 100644 (file)
--- a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624

diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
index 9ba3c1dc627137be6d4787e6d9ea2ea7fd0eeece..afc4c734a755df7167325129a823767732cfd2b6 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
+++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
@@ -3,6 +3,7 @@ Subject: unzip files encoded with non-latin, non-unicode file names
 Last-Update: 2015-02-11
 
 Upstream-Status: Backport
+CVE: CVE-2015-1315
 
 Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
 to fix buffer overflow in charset_to_intern()

diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
index e137f0dc76cf65a5e6ced554460c9fff2e8c29f4..0e497cc65fb3f181de5e1b14d094f55dcfc44a6c 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8139
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 

diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
index edc7d515b0d7d94bf0510a78e70dd568c20488b9..c989df18965af3e28d3af887a281833d82f4d354 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8140
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 

diff --git a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
index d0c1db392523b2775e843b04f41ba562e16ff496..c48c23f30462b6861a2f0288e11b38de7c40b46d 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
+++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8141
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
index ea93823cbea1779471a3c1ac091b1bb763f31388..87eed965d033bfc988b4bbca8ab3873dcd7b1dc7 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7696
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
index da68988338329cced5f8b89de25daa6e0ce861da..a8f293674b98040e505aad952c7b56c918f7644a 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7697
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001

diff --git a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
index 0a0bfbbb17bf8a1ad2a277cdfc284171bc0a53a2..5fcd318b253f55fbba5e3bcb820f4283bc6c1124 100644 (file)
--- a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
+++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
@@ -4,6 +4,7 @@ Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow
 
 Upstream-Status: Backport
+CVE: CVE-2014-9636
 
 By carefully crafting a corrupt ZIP archive with "extra fields" that
 purport to have compressed blocks larger than the corresponding

diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
index 0542dbe83505ef06da9430b8b4be580f477cdc83..c44c5a113fd521b62655f7853309c2c361169060 100644 (file)
--- a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -9,6 +9,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
 the patch come from:
 https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
 
+CVE: CVE-2013-4342
 Signed-off-by: Li Wang <li.wang@windriver.com>
 ---
  xinetd/builtins.c |    2 +-

diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
index 1e31caa90adf673e1b455558dd5869b5b71b6126..94213a74ef8b8b28e17b84b851158df48684874a 100644 (file)
--- a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2014-9676
 
 Backport patch to fix CVE-2014-9676.
 

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
index c9addca28e8b7406ec0c17e3f0c89a91e14de1d0..f0667741c820ad44abfc832cc523ea27beae03de 100644 (file)
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -11,6 +11,7 @@ git://git.gnupg.org/libgcrypt.git
 exponents in secure memory.
 
 Upstream-Status: Backport
+CVE: CVE-2013-4242
 
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
 --

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
index b29ede4233fc682ec0110749cd4b90f59bfaeb5a..b50a32f40c38367b84816f18ac6df77844d68944 100644 (file)
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4351
 
 Index: gnupg-1.4.7/g10/getkey.c
 ===================================================================

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
index b1a22f5853080d7d192db404cc6ac52f347e1544..5dcde1f9cb221883b920f14225cca9b783856b08 100644 (file)
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4576
 
 Index: gnupg-1.4.7/cipher/dsa.c
 ===================================================================

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
index 8b5d9a1693078149a5bb18ba93c0bc8a707b5713..362717636ba23d0b276291e1012517abbea95be0 100644 (file)
--- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -17,6 +17,7 @@ Date:   Thu Dec 20 09:43:41 2012 +0100
     (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
 
 Upstream-Status: Backport
+CVE: CVE-2012-6085
 
 Signed-off-by: Saul Wold <sgw@linux.intel.com>
 

diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
index e4d09c2ac765e312fca899bcd73fd3c0e7bb6231..f4113efba9f5425524d4507ec9aa91f0eab1cc1a 100644 (file)
--- a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
@@ -8,6 +8,7 @@ We need to check that the parent node is an element before dereferencing
 its namespace
 
 Upstream-Status: Backport
+CVE: CVE-2015-7995
 
 https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
 

diff --git a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
index 3c4a00ef3e1977cedb1b4dfb119d5b07a66db07d..61fa7e5692e1d2d0d7696d5a3fbd2f696faa8c04 100644 (file)
--- a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
+++ b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
@@ -10,6 +10,7 @@ The patch comes from
 https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
 
 Upstream-Status: Backport
+CVE: CVE-2014-9130
 
 Signed-off-by: Yue Tao <yue.tao@windriver.com>
 

diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
index 240777180416c86459cb3aed9a961380539c79f1..9b9980397a935398dba0dc53f94a78f1f6ff84c1 100644 (file)
--- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
+++ b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2012-2738
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
 From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001