On Wed, 2020-07-29 at 18:25 +0530, saloni wrote: > From: Rahul Taya <rahul.t...@kpit.com> > > Added below patch in libpcre > CVE-2020-14155.patch > > This patch fixes below error: > PCRE could allow a remote attacker to execute arbitrary > code on the system, caused by an integer overflow in > libpcre via a large number after (?C substring. > By sending a request with a large number, an attacker > can execute arbitrary code on the system or > cause the application to crash. > > Upstream-Status: Pending > > Tested-by: Rahul Taya <rahul.t...@kpit.com> > Signed-off-by: Saloni Jain <saloni.j...@kpit.com> > --- > .../libpcre/libpcre/CVE-2020-14155.patch | 40 > ++++++++++++++++++++++ > meta/recipes-support/libpcre/libpcre_8.44.bb | 3 +-
zeus has libpcre version 8.43. Also it looks like this specific fix is already is 8.44. So please test and send again for proper version & branch. Thanks, Anuj
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141107): https://lists.openembedded.org/g/openembedded-core/message/141107 Mute This Topic: https://lists.openembedded.org/mt/75863890/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
