Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-01-11 | Add "CVE:" tag to current patches in OE-core | Mariano Lopez | |
The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. (From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||
2015-11-02 | unzip: CVE-2015-7696, CVE-2015-7697 | Tudor Florea | |
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 (From OE-Core rev: a11b23a7d2a29414a4ea47c411f09a68b1b28e2d) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |