From: Sana Kazi
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
1 file changed, 36 insertions(+)
create mode 100644 meta/recipes
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
1 file changed
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
1 file changed
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
meta/recipes
) ->
chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with
SIGBUS (frames 10, 9, 8).
It could also be that chunk_map() has a bug which does not memmap()
the full or correct areas.
Upstream-Status: Pending
Tested By: Anuj Chougule
Signed-off-by: Anuj Chougule
Signed-off-by:
) ->
chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with
SIGBUS (frames 10, 9, 8).
It could also be that chunk_map() has a bug which does not memmap()
the full or correct areas.
Upstream-Status: Pending
Tested By: Anuj Chougule
Signed-off-by: Anuj Chougule
Signed-off-by:
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
1 file changed
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
meta/recipes
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
1 file changed
y 15, 2020 10:36 PM
To: Saloni Jain
Cc: openembedded-core@lists.openembedded.org; Nisha Parrakat; Sana Kazi
Subject: Re: [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900
On Wed, Jan 15, 2020 at 7:51 AM Saloni Jain wrote:
>
> From: Sana Kazi
>
> Added patch for CVE-2019-12900 as backpo
Sent: Wednesday, January 15, 2020 10:00 PM
To: openembedded-core@lists.openembedded.org; Saloni Jain
Subject: Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900
On 15/01/2020 15:47, Saloni Jain wrote:
> From: Sana Kazi
>
> Added patch for CVE-2019-12900 as backport from upstream
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
1 file changed
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
1 file changed
From: Sana Kazi
Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.
Tested by: sana.k...@kpit.com
Signed-off-by: Saloni Jain
---
.../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
meta/recipes
From: Saloni Jain
Add fix for below CVE:
CVE-2021-33560
Link:
[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
Signed-off-by: Saloni Jain
---
.../libgcrypt/files/CVE-2021-33560.patch | 108 ++
.../libgcrypt
From: Saloni Jain
The CVEs below affect only Oracle Berkeley DB as per upstream.
Hence, whitelisted them.
1. CVE-2015-2583
Link: https://security-tracker.debian.org/tracker/CVE-2015-2583
2. CVE-2015-2624
Link: https://security-tracker.debian.org/tracker/CVE-2015-2624
3. CVE-2015-2626
Link: https
From: Saloni
Add fix for below CVE:
CVE-2021-3566
Link:
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54ba793d7da99ea5157532]
CVE-2021-38291
Link:
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1]
Signed-off-by: Saloni Jain
17 matches