mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 17:59:59 +00:00
Urade, Yogita
fb99d19bac
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-41974 NOTE: The actual fixes for this CVE are upstream commits [1] and [2]. However, they are part of a larger patchset which has a lot of dependencies and cannot be backported easily to older multipath-tools versions. Upstream discussion [3] indicates that there is a custom patch available for old versions ([4]). Ubuntu, Debian and Suse applied this patch to their 0.7.xx and 0.8.xx releases ([4], [5]), so we add it as well. [1] https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 [2] https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c [3] https://github.com/opensvc/multipath-tools/issues/59 [4] https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c [5] http://launchpadlibrarian.net/634132876/multipath-tools_0.7.4-2ubuntu3.1_0.7.4-2ubuntu3.2.diff.gz Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>