* [fido][PATCH 00/11] Fido Security fixes #2
@ 2016-02-24 1:48 Armin Kuster
2016-02-29 15:17 ` Joshua G Lock
0 siblings, 1 reply; 2+ messages in thread
From: Armin Kuster @ 2016-02-24 1:48 UTC (permalink / raw)
To: openembedded-core, joshua.g.lock, akuster
From: Armin Kuster <akuster@mvista.com>
please consider these changes for the next fido update.
This is to meet our obligation for Yocto compatibility
The following changes since commit 9037f2c7c797367c2d09b87f344ecf749d28cb41:
gdk-pixbuf: Security fix CVE-2015-7674 (2016-02-22 19:08:53 -0800)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/fido_cve_fixes
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/fido_cve_fixes
Armin Kuster (10):
busybox: Security fix CVE-2011-5325
libpng: Security fix CVE-2015-8126
libpng: Security fix CVE-2015-8472
libgcrypt: Security fix CVE-2015-7511
curl: Security fix CVE-2016-0754
curl: Secuirty fix CVE-2016-0755
bind: Security fix CVE-2015-8461
nettle: Security fix CVE-2015-8803 and CVE-2015-8805
nettle: Security fix CVE-2015-8804
git: Security fixes CVE-2015-7545
Li Zhou (1):
rpcbind: Security Advisory - rpcbind - CVE-2015-7236
.../bind/bind/CVE-2015-8461.patch | 45 +++
meta/recipes-connectivity/bind/bind_9.9.5.bb | 3 +-
.../busybox/busybox/CVE-2011-5325.patch | 48 +++
meta/recipes-core/busybox/busybox_1.23.1.bb | 1 +
.../git/git-2.3.0/CVE-2015-7545_1.patch | 445 +++++++++++++++++++++
.../git/git-2.3.0/CVE-2015-7545_2.patch | 113 ++++++
.../git/git-2.3.0/CVE-2015-7545_3.patch | 110 +++++
.../git/git-2.3.0/CVE-2015-7545_4.patch | 146 +++++++
.../git/git-2.3.0/CVE-2015-7545_5.patch | 67 ++++
meta/recipes-devtools/git/git_2.3.0.bb | 7 +
.../rpcbind/rpcbind/cve-2015-7236.patch | 83 ++++
meta/recipes-extended/rpcbind/rpcbind_0.2.2.bb | 1 +
.../libpng/libpng-1.6.16/CVE-2015-8126_1.patch | 91 +++++
.../libpng/libpng-1.6.16/CVE-2015-8126_2.patch | 134 +++++++
.../libpng/libpng-1.6.16/CVE-2015-8126_3.patch | 79 ++++
.../libpng/libpng-1.6.16/CVE-2015-8126_4.patch | 48 +++
.../libpng/libpng-1.6.16/CVE-2015-8472.patch | 29 ++
meta/recipes-multimedia/libpng/libpng_1.6.16.bb | 7 +
meta/recipes-support/curl/curl/CVE-2016-0754.patch | 384 ++++++++++++++++++
meta/recipes-support/curl/curl/CVE-2016-0755.patch | 133 ++++++
meta/recipes-support/curl/curl_7.40.0.bb | 4 +-
.../libgcrypt/files/CVE-2015-7511_1.patch | 245 ++++++++++++
.../libgcrypt/files/CVE-2015-7511_2.patch | 55 +++
meta/recipes-support/libgcrypt/libgcrypt_1.6.2.bb | 5 +
.../nettle/nettle-2.7.1/CVE-2015-8803_8805.patch | 71 ++++
.../nettle/nettle-2.7.1/CVE-2015-8804.patch | 272 +++++++++++++
meta/recipes-support/nettle/nettle_2.7.1.bb | 5 +
27 files changed, 2629 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8461.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_1.patch
create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_2.patch
create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_3.patch
create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_5.patch
create mode 100644 meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_1.patch
create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_2.patch
create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_3.patch
create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_4.patch
create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8472.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-0754.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-0755.patch
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2015-7511_1.patch
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
create mode 100644 meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
create mode 100644 meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch
--
2.3.5
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [fido][PATCH 00/11] Fido Security fixes #2
2016-02-24 1:48 [fido][PATCH 00/11] Fido Security fixes #2 Armin Kuster
@ 2016-02-29 15:17 ` Joshua G Lock
0 siblings, 0 replies; 2+ messages in thread
From: Joshua G Lock @ 2016-02-29 15:17 UTC (permalink / raw)
To: Armin Kuster, openembedded-core, akuster
On Tue, 2016-02-23 at 17:48 -0800, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> please consider these changes for the next fido update.
>
> This is to meet our obligation for Yocto compatibility
>
> The following changes since commit
> 9037f2c7c797367c2d09b87f344ecf749d28cb41:
>
> gdk-pixbuf: Security fix CVE-2015-7674 (2016-02-22 19:08:53 -0800)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib akuster/fido_cve_fixes
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/fi
> do_cve_fixes
>
> Armin Kuster (10):
> busybox: Security fix CVE-2011-5325
This doesn't appear to actually fix anything, it just adds this patch
which notes a potential security issue:
https://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3
c962c69b3d8c
> libpng: Security fix CVE-2015-8126
> libpng: Security fix CVE-2015-8472
> libgcrypt: Security fix CVE-2015-7511
> curl: Security fix CVE-2016-0754
> curl: Secuirty fix CVE-2016-0755
> bind: Security fix CVE-2015-8461
> nettle: Security fix CVE-2015-8803 and CVE-2015-8805
> nettle: Security fix CVE-2015-8804
> git: Security fixes CVE-2015-7545
>
> Li Zhou (1):
> rpcbind: Security Advisory - rpcbind - CVE-2015-7236
Queued in joshuagl/fido-next
Regards,
Joshua
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-02-29 15:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-24 1:48 [fido][PATCH 00/11] Fido Security fixes #2 Armin Kuster
2016-02-29 15:17 ` Joshua G Lock
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox