On Wed, September 16, 2015 16:36, Peng HG wrote: > The first sed command in LFS version SVN-20150907 seems to search for a > couple of substition patterns that don't exist. I did a diff of > the lib/ext2fs/closefs.c file before and after the sed and they are > identical.
The CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1572 A backport patch: http://lists.openembedded.org/pipermail/openembedded-core/2015-May/104542.html They should be identical. The 1.42.13 has the changes: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/tree/lib/ext2fs/closefs.c?id=v1.42.13 The sed would affect 1.42.12: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/tree/lib/ext2fs/closefs.c?id=v1.42.12 Sincerely, William Harrington -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
