code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Roy Li <rongqing.li@windriver.com>
	Tue, 28 Apr 2015 06:22:54 +0000 (14:22 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 30 Apr 2015 22:01:29 +0000 (23:01 +0100)
commit	4a65944b89a76f18c8ff6e148f17508882d387cf
tree	de912eacb4400edf4d3acc75cb5e1507bb665d1c	tree \| snapshot
parent	f2e92c741bde70753163afe3839ff8d35ae5380e	commit \| diff

elfutils: Security Advisory - CVE-2015-0255

Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers
to write to arbitrary files to the root directory via a / (slash) in a
crafted archive, as demonstrated using the ar program.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/elfutils/elfutils_0.161.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom