[fido][PATCH 00/11] Fido Security fixes #2

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [fido][PATCH 00/11] Fido Security fixes #2
@ 2016-02-24  1:48 Armin Kuster
  2016-02-29 15:17 ` Joshua G Lock
  0 siblings, 1 reply; 2+ messages in thread
From: Armin Kuster @ 2016-02-24  1:48 UTC (permalink / raw)
  To: openembedded-core, joshua.g.lock, akuster

From: Armin Kuster <akuster@mvista.com>

please consider these changes for the next fido update.

This is to meet our obligation for Yocto compatibility

The following changes since commit 9037f2c7c797367c2d09b87f344ecf749d28cb41:

  gdk-pixbuf: Security fix CVE-2015-7674 (2016-02-22 19:08:53 -0800)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib akuster/fido_cve_fixes
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/fido_cve_fixes

Armin Kuster (10):
  busybox: Security fix CVE-2011-5325
  libpng: Security fix CVE-2015-8126
  libpng: Security fix CVE-2015-8472
  libgcrypt: Security fix CVE-2015-7511
  curl: Security fix CVE-2016-0754
  curl: Secuirty fix CVE-2016-0755
  bind: Security fix CVE-2015-8461
  nettle: Security fix CVE-2015-8803 and CVE-2015-8805
  nettle: Security fix CVE-2015-8804
  git: Security fixes CVE-2015-7545

Li Zhou (1):
  rpcbind: Security Advisory - rpcbind - CVE-2015-7236

 .../bind/bind/CVE-2015-8461.patch                  |  45 +++
 meta/recipes-connectivity/bind/bind_9.9.5.bb       |   3 +-
 .../busybox/busybox/CVE-2011-5325.patch            |  48 +++
 meta/recipes-core/busybox/busybox_1.23.1.bb        |   1 +
 .../git/git-2.3.0/CVE-2015-7545_1.patch            | 445 +++++++++++++++++++++
 .../git/git-2.3.0/CVE-2015-7545_2.patch            | 113 ++++++
 .../git/git-2.3.0/CVE-2015-7545_3.patch            | 110 +++++
 .../git/git-2.3.0/CVE-2015-7545_4.patch            | 146 +++++++
 .../git/git-2.3.0/CVE-2015-7545_5.patch            |  67 ++++
 meta/recipes-devtools/git/git_2.3.0.bb             |   7 +
 .../rpcbind/rpcbind/cve-2015-7236.patch            |  83 ++++
 meta/recipes-extended/rpcbind/rpcbind_0.2.2.bb     |   1 +
 .../libpng/libpng-1.6.16/CVE-2015-8126_1.patch     |  91 +++++
 .../libpng/libpng-1.6.16/CVE-2015-8126_2.patch     | 134 +++++++
 .../libpng/libpng-1.6.16/CVE-2015-8126_3.patch     |  79 ++++
 .../libpng/libpng-1.6.16/CVE-2015-8126_4.patch     |  48 +++
 .../libpng/libpng-1.6.16/CVE-2015-8472.patch       |  29 ++
 meta/recipes-multimedia/libpng/libpng_1.6.16.bb    |   7 +
 meta/recipes-support/curl/curl/CVE-2016-0754.patch | 384 ++++++++++++++++++
 meta/recipes-support/curl/curl/CVE-2016-0755.patch | 133 ++++++
 meta/recipes-support/curl/curl_7.40.0.bb           |   4 +-
 .../libgcrypt/files/CVE-2015-7511_1.patch          | 245 ++++++++++++
 .../libgcrypt/files/CVE-2015-7511_2.patch          |  55 +++
 meta/recipes-support/libgcrypt/libgcrypt_1.6.2.bb  |   5 +
 .../nettle/nettle-2.7.1/CVE-2015-8803_8805.patch   |  71 ++++
 .../nettle/nettle-2.7.1/CVE-2015-8804.patch        | 272 +++++++++++++
 meta/recipes-support/nettle/nettle_2.7.1.bb        |   5 +
 27 files changed, 2629 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8461.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
 create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_1.patch
 create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_2.patch
 create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_3.patch
 create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
 create mode 100644 meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_5.patch
 create mode 100644 meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
 create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_1.patch
 create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_2.patch
 create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_3.patch
 create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8126_4.patch
 create mode 100644 meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8472.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2016-0754.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2016-0755.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2015-7511_1.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
 create mode 100644 meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8803_8805.patch
 create mode 100644 meta/recipes-support/nettle/nettle-2.7.1/CVE-2015-8804.patch

-- 
2.3.5



^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [fido][PATCH 00/11] Fido Security fixes #2
  2016-02-24  1:48 [fido][PATCH 00/11] Fido Security fixes #2 Armin Kuster
@ 2016-02-29 15:17 ` Joshua G Lock
  0 siblings, 0 replies; 2+ messages in thread
From: Joshua G Lock @ 2016-02-29 15:17 UTC (permalink / raw)
  To: Armin Kuster, openembedded-core, akuster

On Tue, 2016-02-23 at 17:48 -0800, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
> 
> please consider these changes for the next fido update.
> 
> This is to meet our obligation for Yocto compatibility
> 
> The following changes since commit
> 9037f2c7c797367c2d09b87f344ecf749d28cb41:
> 
>   gdk-pixbuf: Security fix CVE-2015-7674 (2016-02-22 19:08:53 -0800)
> 
> are available in the git repository at:
> 
>   git://git.yoctoproject.org/poky-contrib akuster/fido_cve_fixes
>   http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/fi
> do_cve_fixes
> 
> Armin Kuster (10):
>   busybox: Security fix CVE-2011-5325

This doesn't appear to actually fix anything, it just adds this patch
which notes a potential security issue:

https://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3
c962c69b3d8c

>   libpng: Security fix CVE-2015-8126
>   libpng: Security fix CVE-2015-8472
>   libgcrypt: Security fix CVE-2015-7511
>   curl: Security fix CVE-2016-0754
>   curl: Secuirty fix CVE-2016-0755
>   bind: Security fix CVE-2015-8461
>   nettle: Security fix CVE-2015-8803 and CVE-2015-8805
>   nettle: Security fix CVE-2015-8804
>   git: Security fixes CVE-2015-7545
> 
> Li Zhou (1):
>   rpcbind: Security Advisory - rpcbind - CVE-2015-7236

Queued in joshuagl/fido-next

Regards,

Joshua


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-02-29 15:17 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-24  1:48 [fido][PATCH 00/11] Fido Security fixes #2 Armin Kuster
2016-02-29 15:17 ` Joshua G Lock

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox