From: akuster808 <akuster808@gmail.com>
To: "Bian, Naimeng" <biannm@cn.fujitsu.com>
Cc: "yocto@yoctoproject.org" <yocto@yoctoproject.org>
Subject: Re: [Dizzy] Backport patch of CVE-2014-9112
Date: Sun, 14 Dec 2014 19:15:28 -0800
Message-ID: <548E5250.1000409@gmail.com>
In-Reply-To: <30DC4EDFD798C94083F3E083754532CC73DE2D79@G08CNEXMBPEKD02.g08.fujitsu.local>

Bian,

Thanks for the reminder. I staged these today for test builds.
Hope to make the pull request soon.

- Armin

On 12/14/2014 06:41 PM, Bian, Naimeng wrote:
> Hi Armin
>
> This patch set has been applied to master of meta-oe and poky.
> Would you mind backporting it to Dizzy?
>
> The commit ids on master of poky are as below.
> b9001b69b231efefbb9ed1e09eec211e61cd8cb1
> 8018f6167b7343373fe53c6d2bc53c569228b3cb
>
> Thanks
> Bian
>
> -----Original Message-----
> From: Bian, Naimeng
> Sent: Monday, December 08, 2014 1:45 PM
> To: openembedded-core@lists.openembedded.org
> Cc: Bian, Naimeng; Sergey Poznyakoff
> Subject: [PATCH 0/2] cpio: backport patch of CVE-2014-9112
>
> cpio: Fix memory overrun on reading improperly created link records
>
> Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
>
> http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
> * src/copyin.c (get_link_name): New function.
> (list_file, copyin_link): use get_link_name
>
> * tests/symlink-bad-length.at: New file.
> * tests/symlink-long.at: New file.
> * tests/Makefile.am: Add new files.
> * tests/testsuite.at: Likewise.
>
> See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
>
> Upstream-Status: Backport
> Signed-off-by: Sergey Poznyakoff <gray@gnu.org.ua>
>
> Bian Naimeng (2):
> cpio: fix bug CVE-2014-9112 for cpio-2.8
> cpio: fix bug CVE-2014-9112 for cpio-2.11
>
> .../cpio/cpio-2.11/fix-memory-overrun.patch | 220 +++++++++++++++++++++
> .../cpio/cpio-2.8/fix-memory-overrun.patch | 217 ++++++++++++++++++++
> meta/recipes-extended/cpio/cpio_2.11.bb | 3 +-
> meta/recipes-extended/cpio/cpio_2.8.bb | 7 +-
> 4 files changed, 443 insertions(+), 4 deletions(-)
> create mode 100644 meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch
> create mode 100644 meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch
>
> --
> 1.9.1
>