On 1/28/19 3:20 AM, Alexander Kanavin wrote:
> Maybe it's better to update systemd to latest upstream release?
Thud benefits from this : )
>
> Alex
>
> On Mon, 28 Jan 2019 at 12:17, Marcus Cooper <[email protected]> wrote:
>> Changed in v2:
>> - Added CVE tag, Upstream-Status tag and Sign-off-by tags.
>> - removed the verification of the entry length in the header
>> - squashed CVE-2018-16865 patches into one
>> - CVE-2018-16866 patch now taken from systemd-stable and includes
>> an additional heap buffer overflow fix.
>>
>> Marcus Cooper (3):
>> systemd: Security fix CVE-2018-16864
>> systemd: Security fix CVE-2018-16865
>> systemd: Security fix CVE-2018-16866
>>
>> ...-not-store-the-iovec-entry-for-process-co.patch | 208
>> +++++++++++++++++++++
>> ...rnald-set-a-limit-on-the-number-of-fields.patch | 139 ++++++++++++++
>> ...nal-fix-out-of-bounds-read-CVE-2018-16866.patch | 49 +++++
>> meta/recipes-core/systemd/systemd_239.bb | 3 +
>> 4 files changed, 399 insertions(+)
>> create mode 100644
>> meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
>> create mode 100644
>> meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch
>> create mode 100644
>> meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
>>
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> [email protected]
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
