mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 03:47:03 +00:00
squashfs-tools: fix CVE-2021-40153
Source: http://git.yoctoproject.org/poky.git
MR: 113126
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
ChangeID: cfc17a7ab5
Description:
Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.
CVE: CVE-2021-40153
Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153
(From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511)
(From OE-Core rev: 48303d1c93cfcadf80830d07597805cc41d5f7e9)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
@@ -11,6 +11,7 @@ PV = "4.4"
|
||||
SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67"
|
||||
SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
|
||||
file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \
|
||||
file://CVE-2021-40153.patch;striplevel=2 \
|
||||
"
|
||||
|
||||
S = "${WORKDIR}/git/squashfs-tools"
|
||||
|
||||
Reference in New Issue
Block a user