mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
Yogita Urade
92a5b3ebf0
CVE-2022-39836: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. CVE-2022-39837: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-39836 https://nvd.nist.gov/vuln/detail/CVE-2022-39837 Upstream patch: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Collection of layers for the OE-core universe Main layer maintainer: Armin Kuster <akuster808@gmail.com> This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories