diff options
Diffstat (limited to 'external/poky/meta/recipes-devtools/patch/patch')
3 files changed, 4 insertions, 2 deletions
diff --git a/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch b/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch index 9891526e..78345e92 100644 --- a/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch +++ b/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch @@ -17,6 +17,7 @@ https://savannah.gnu.org/bugs/index.php?53820 Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") +CVE: CVE-2018-1000156 Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- diff --git a/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch b/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch index d6a219a1..8ffffef4 100644 --- a/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch +++ b/external/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch @@ -17,6 +17,7 @@ https://savannah.gnu.org/bugs/index.php?53820 Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch") +CVE: CVE-2018-1000156 Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- diff --git a/external/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/external/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch index f60dfe87..d13d419f 100644 --- a/external/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch +++ b/external/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch @@ -6,8 +6,8 @@ Subject: [PATCH] Invoke ed directly instead of using the shell * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell command to avoid quoting vulnerabilities. -CVE: CVE-2019-13638 -Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] +CVE: CVE-2019-13638 CVE-2018-20969 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> --- |