Details: https://nvd.nist.gov/vuln/detail/CVE-2021-29458 https://nvd.nist.gov/vuln/detail/CVE-2021-31292
The patch is already present, but it was missing the CVE tag, which is added in this change. The same patch fixes both CVEs. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch index 285f6fe4ce..e7fb887844 100644 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch @@ -2,6 +2,9 @@ From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse <[email protected]> Date: Fri, 9 Apr 2021 13:37:48 +0100 Subject: [PATCH] Fix integer overflow. + +CVE: CVE-2021-29458 CVE-2021-31292 + --- src/crwimage_int.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121984): https://lists.openembedded.org/g/openembedded-devel/message/121984 Mute This Topic: https://lists.openembedded.org/mt/116428180/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
