[OE-core] [PATCH 0/1] logrotate: fix for CVE-2011-1548

wenzong.fan Mon, 17 Jun 2013 19:29:59 -0700

From: Wenzong Fan <wenzong....@windriver.com>

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
    
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz


The following changes since commit 1dd643b142c69ac9035e29bff11d02201638dc65:

  licences: Add SGI license (2013-06-17 16:45:37 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/logrotate
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/logrotate

Wenzong Fan (1):
  logrotate: fix for CVE-2011-1548

 .../logrotate-3.8.1/logrotate-CVE-2011-1548.patch  |   43 ++++++++++++++++++++
 meta/recipes-extended/logrotate/logrotate_3.8.1.bb |    1 +
 2 files changed, 44 insertions(+)
 create mode 100644 
meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch

-- 
1.7.9.5

_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 0/1] logrotate: fix for CVE-2011-1548

Reply via email to