Hi,
On 29/04/15 03:09, rongqing...@windriver.com wrote:
From: Roy Li <rongqing...@windriver.com>
upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).
Signed-off-by: Roy Li <rongqing...@windriver.com>
---
meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} (81%)
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
similarity index 81%
rename from meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
rename to meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
index ebb8671..74b1dd0 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
@@ -15,6 +15,6 @@ SRC_URI += "file://noman.patch \
file://add_armeb_triplet_entry.patch \
"
-SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775"
-SRC_URI[sha256sum] =
"3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05"
+SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
+SRC_URI[sha256sum] =
"07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
Acked-by: Aníbal Limón <anibal.li...@linux.intel.com>
Cheers,
alimon
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
