On Mon, Jan 28, 2019 at 3:20 AM Alexander Kanavin <[email protected]> wrote: > > Maybe it's better to update systemd to latest upstream release? >
Indeed but I would suggest to go to 241 which is in RC stage within week of 240 release > Alex > > On Mon, 28 Jan 2019 at 12:17, Marcus Cooper <[email protected]> wrote: > > > > Changed in v2: > > - Added CVE tag, Upstream-Status tag and Sign-off-by tags. > > - removed the verification of the entry length in the header > > - squashed CVE-2018-16865 patches into one > > - CVE-2018-16866 patch now taken from systemd-stable and includes > > an additional heap buffer overflow fix. > > > > Marcus Cooper (3): > > systemd: Security fix CVE-2018-16864 > > systemd: Security fix CVE-2018-16865 > > systemd: Security fix CVE-2018-16866 > > > > ...-not-store-the-iovec-entry-for-process-co.patch | 208 > > +++++++++++++++++++++ > > ...rnald-set-a-limit-on-the-number-of-fields.patch | 139 ++++++++++++++ > > ...nal-fix-out-of-bounds-read-CVE-2018-16866.patch | 49 +++++ > > meta/recipes-core/systemd/systemd_239.bb | 3 + > > 4 files changed, 399 insertions(+) > > create mode 100644 > > meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch > > create mode 100644 > > meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch > > create mode 100644 > > meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch > > > > -- > > 2.11.0 > > > > -- > > _______________________________________________ > > Openembedded-core mailing list > > [email protected] > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
