Richard, Here is a batch of Daisy CVEs that have been pending for a while.
Sau! The following changes since commit e358d20e8ccf1299e8a046e743a31e92546cd239: bash: Fix CVE-2014-7169 (2014-09-29 12:15:51 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib sgw/daisy-next http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=sgw/daisy-next Chong Lu (1): adt-installer: fix sed input file error Guillem Jover (2): dpkg: Security Advisory - CVE-2014-0471 dpkg: Security Advisory - CVE-2014-3127 Li Wang (1): nss: CVE-2014-1544 Muzaffar Mahmood (1): libtiff: fix CVE-2013-1961 Richard Purdie (1): binutils: Add fix for recent patch on older gcc Shan Hai (1): pulseaudio: fix CVE-2014-3970 Xufeng Zhang (1): nspr: Fix for CVE-2014-1545 Yue Tao (3): gst-ffmpeg: Add CVE patches libtiff: Security Advisory - CVE-2012-4564 libpam: Security Advisory - CVE-2014-2583 yanjun.zhu (1): perl: fix for CVE-2010-4777 meta/recipes-devtools/binutils/binutils-2.24.inc | 1 + .../binutils/binutils-uninitialised-warning.patch | 50 ++ .../dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch | 68 ++ .../dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch | 97 +++ meta/recipes-devtools/dpkg/dpkg_1.17.4.bb | 2 + .../adt-installer/scripts/adt_installer_internal | 1 + .../perl-5.14.3-fix-CVE-2010-4777.patch | 45 ++ meta/recipes-devtools/perl/perl-native_5.14.3.bb | 3 +- meta/recipes-devtools/perl/perl_5.14.3.bb | 3 +- ...mp-fix-potential-directory-traversal-issu.patch | 63 ++ meta/recipes-extended/pam/libpam_1.1.6.bb | 1 + .../0001-aacdec-check-channel-count.patch | 34 + ...util-fix-signedness-in-sizeof-comparissio.patch | 40 ++ ...c-parser-reset-indexes-on-realloc-failure.patch | 50 ++ ...a-Perform-pointer-advance-and-checks-befo.patch | 81 +++ ...-error-concealment-initialize-block-index.patch | 29 + ...alment-Check-that-the-picture-is-not-in-a.patch | 37 + .../0001-ffserver-set-oformat.patch | 36 + .../0001-h264_sei-Fix-infinite-loop.patch | 39 + ...check-width-more-completely-avoid-out-of-.patch | 30 + ...f-compute-probe-buffer-size-more-reliably.patch | 45 ++ ...er-dont-access-out-of-array-elements-at-t.patch | 44 ++ ...array-index-before-use-fix-out-of-array-a.patch | 30 + .../0001-qdm2dec-fix-buffer-overflow.patch | 58 ++ ...Check-that-the-last-indexes-are-within-th.patch | 32 + ...-vp3-Copy-all-3-frames-for-thread-updates.patch | 32 + ...-read-for-negative-tokens-and-memleaks-on.patch | 183 +++++ .../gst-ffmpeg-CVE-2013-0855.patch | 100 +++ .../gstreamer/gst-ffmpeg_0.10.13.bb | 17 + .../libtiff/files/libtiff-CVE-2013-1961.patch | 786 +++++++++++++++++++++ .../libtiff/files/tiff-CVE-2012-4564.patch | 99 +++ meta/recipes-multimedia/libtiff/tiff_4.0.3.bb | 4 +- .../pulseaudio/pulseaudio/CVE-2014-3970.patch | 52 ++ .../pulseaudio/pulseaudio_5.0.bb | 4 +- .../nspr/nspr/nspr-CVE-2014-1545.patch | 67 ++ meta/recipes-support/nspr/nspr_4.10.3.bb | 1 + .../nss/files/nss-CVE-2014-1544.patch | 41 ++ meta/recipes-support/nss/nss.inc | 1 + 38 files changed, 2302 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-devtools/binutils/binutils/binutils-uninitialised-warning.patch create mode 100644 meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch create mode 100644 meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch create mode 100644 meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch create mode 100644 meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-aacdec-check-channel-count.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-dsputil-fix-signedness-in-sizeof-comparissio.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-parser-reset-indexes-on-realloc-failure.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-rpza-Perform-pointer-advance-and-checks-befo.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-error-concealment-initialize-block-index.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-error_concealment-Check-that-the-picture-is-not-in-a.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-ffserver-set-oformat.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264_sei-Fix-infinite-loop.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-check-width-more-completely-avoid-out-of-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-lavf-compute-probe-buffer-size-more-reliably.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pngdec-filter-dont-access-out-of-array-elements-at-t.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-qdm2-check-array-index-before-use-fix-out-of-array-a.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-qdm2dec-fix-buffer-overflow.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-smackerdec-Check-that-the-last-indexes-are-within-th.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-vp3-Copy-all-3-frames-for-thread-updates.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-vp3-fix-oob-read-for-negative-tokens-and-memleaks-on.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-CVE-2013-0855.patch create mode 100644 meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1961.patch create mode 100644 meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch create mode 100644 meta/recipes-multimedia/pulseaudio/pulseaudio/CVE-2014-3970.patch create mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch create mode 100644 meta/recipes-support/nss/files/nss-CVE-2014-1544.patch -- 1.8.3.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
