file: CVE-2014-9620 and CVE-2014-9621

mirror of https://git.yoctoproject.org/poky synced 2026-05-31 00:39:46 +00:00

CVE-2014-9620:
Limit the number of ELF notes processed - DoS
CVE-2014-9621:
Limit string printing to 100 chars - DoS

The patch comes from:
https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c

[YOCTO #7178]

(From OE-Core rev: 0e4f0f893de2c0fac444b779b2b3028fd79e6048)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

This commit is contained in:

Chong.Lu@windriver.com

2015-01-26 09:56:05 +08:00

committed by

Richard Purdie

parent 2a53df980d

commit 86da1430b7

2 changed files with 1415 additions and 0 deletions

meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch

+1414

View File

File diff suppressed because it is too large Load Diff

									
										meta/recipes-devtools/file/file_5.18.bb
									
		+1
		
												View File
												
				@@ -13,6 +13,7 @@ DEPENDS_class-native = "zlib-native"

				SRC_URI = "ftp://ftp.astron.com/pub/file/file-${PV}.tar.gz \

				           file://debian-742262.patch \

				           file://file-CVE-2014-9620-and-CVE-2014-9621.patch \

				          "

				SRC_URI[md5sum] = "d420d8f2990cd344673acfbf8d76ff5a"