]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4c38988) | patch
cpio: fix CVE-2015-1197
authorRobert Yang <liezhi.yang@windriver.com>
Thu, 26 Mar 2015 09:18:09 +0000 (02:18 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 29 Mar 2015 22:07:14 +0000 (23:07 +0100)
commitaf18ce070bd1c73f3619d6370928fe7e2e06ff5e
tree8c57514834a01deff418d953c431be66a1ca6e4etree | snapshot
parent4c389880dc9c6221344f7aed221fe8356e8c2056commit | diff
cpio: fix CVE-2015-1197

Additional directory traversal vulnerability via symlinks
cpio CVE-2015-1197

Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

And fix the indent in SRC_URI.

[YOCTO #7182]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/cpio/cpio-2.11/cpio-CVE-2015-1197.patch [new file with mode: 0644] blob
meta/recipes-extended/cpio/cpio_2.11.bb diff | blob | history
Mirror of the official openembedded-core repository