[OE-core] [PATCH] tiff: fix for Security Advisory CVE-2013-4231

2014-05-18 Thread rongqing.li
From: Yue Tao Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE

[OE-core] [PATCH 1/2] nss: CVE-2014-1492

2014-05-18 Thread rongqing.li
From: Li Wang the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user:Kai Engert date:Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to

[OE-core] [PATCH 2/2] nss: CVE-2013-1740

2014-05-18 Thread rongqing.li
From: Li Wang the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user:Wan-Teh Chang date:Tue Nov 26 16:44:39 2

[OE-core] [PATCH 0/2 v2] nss: backport two CVE patches

2014-05-18 Thread rongqing.li
From: Roy Li Diff with v1: add Upstream-status in patches The following changes since commit 9138880cd286d2700a380bfc21f70bfeb98ce675: subversion: fix for Security Advisory CVE-2013-4277 (2014-05-19 13:07:22 +0800) are available in the git repository at: git://git.pokylinux.org/poky-con

[OE-core] [PATCH 0/1] libpcre: Update to 8.35 version

2014-05-18 Thread Chong Lu
The following changes since commit 874d81a5ebb6395b0d65d0082471287e522d0c47: gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:45 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib chonglu/libpcre http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=cho

[OE-core] [PATCH 1/1] libpcre: Update to 8.35 version

2014-05-18 Thread Chong Lu
Upgrade libpcre to 8.35 version. Signed-off-by: Chong Lu --- meta/recipes-support/libpcre/{libpcre_8.34.bb => libpcre_8.35.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-support/libpcre/{libpcre_8.34.bb => libpcre_8.35.bb} (91%) diff --git a/meta/recipes-su

[OE-core] [PATCH 6/6] subversion: fix for Security Advisory CVE-2013-4277

2014-05-18 Thread rongqing.li
From: Yue Tao Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

[OE-core] [PATCH 4/6] subversion: fix for Security Advisory CVE-2013-1845

2014-05-18 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.n

[OE-core] [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849

2014-05-18 Thread rongqing.li
From: Yue Tao Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. Signed-off-by: Yue Tao Signed-off-by: Roy Li --- .../subversion/subversion-CVE-2013-1849.patch | 25 .../subversion/subversion_1.6.15.bb

[OE-core] [PATCH 2/6] subversion: fix for Security Advisory CVE-2013-4505

2014-05-18 Thread rongqing.li
From: Yue Tao The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http:

[OE-core] [PATCH 5/6] subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846

2014-05-18 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE

[OE-core] [PATCH 3/6] subversion: fix for Security Advisory CVE-2013-4131

2014-05-18 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision ro

[OE-core] [PATCH 0/6 v2] backport 6 CVE patches for subversion

2014-05-18 Thread rongqing.li
From: Roy Li Diff with v1: add Upstream-status in two patches The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873: gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib roy/subver

Re: [OE-core] [PATCH 2/2] Add api-doc class

2014-05-18 Thread Zongchun YU
>It's not opt-in: once a recipe is using doxygen.bbclass then it has a build >dependency on doxygen-native and *will* generate documentation. >This is needless overhead if you don't intend to read the documentation. I think if you intend to read the documentation. Just inherit this class. If not

Re: [OE-core] [PATCH 1/2] doxygen: add recipe

2014-05-18 Thread Khem Raj
On May 18, 2014 8:02 PM, "Saul Wold" wrote: > > On 05/16/2014 01:40 AM, Khem Raj wrote: >> >> On Fri, May 16, 2014 at 12:45 AM, wrote: >>> >>> From: Zongchun Yu >>> >>> Signed-off-by: Zongchun Yu >>> --- >>> .../doxygen/doxygen-native_1.8.6.bb| 23 >> >>

Re: [OE-core] [PATCH 0/6] subversion: backport 6 CVE patches

2014-05-18 Thread Saul Wold
On 05/15/2014 11:00 PM, rongqing...@windriver.com wrote: From: Roy Li The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873: gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib

Re: [OE-core] [PATCH 1/2] doxygen: add recipe

2014-05-18 Thread Zongchun YU
>Also why are we adding it, what packages needs doxygen ? Please refer this site: http://www.stack.nl/~dimitri/doxygen/index.html

Re: [OE-core] [PATCH 0/2] forward 2 CVE patches for nss

2014-05-18 Thread Saul Wold
On 05/14/2014 11:00 PM, rongqing...@windriver.com wrote: From: Roy Li The following changes since commit 03ece04bb1379adc5729fd0857e5287dfcae0e3a: perl-5.14.3:fix CVE-2010-4777 (2014-05-15 11:10:52 +0800) are available in the git repository at: git://git.pokylinux.org/poky-contrib roy/

Re: [OE-core] [PATCH V2] oeqa/runtime: Update test names with testopia tc numbers.

2014-05-18 Thread Saul Wold
On 05/16/2014 01:44 AM, Lucian Musat wrote: You did not address Stefen's comment about having a more detailed commit message explaining why this change is needed. Please add a why Thanks Sau! > Signed-off-by: Lucian Musat --- meta/lib/oeqa/runtime/buildcvs.py | 4 ++-- me

Re: [OE-core] [PATCH 1/2] doxygen: add recipe

2014-05-18 Thread Saul Wold
On 05/16/2014 01:40 AM, Khem Raj wrote: On Fri, May 16, 2014 at 12:45 AM, wrote: From: Zongchun Yu Signed-off-by: Zongchun Yu --- .../doxygen/doxygen-native_1.8.6.bb| 23 Commit message should say that its adding recipe for doxygen-native and not ox

[OE-core] [dora][PATCH] prelink: Fix SRC_URI

2014-05-18 Thread Khem Raj
The SHA we use is actually on cross_prelink branch; if you do not use yocto source mirrors then the fetch for prelink on dora fails due to missing branch in SRC_URI Signed-off-by: Khem Raj --- meta/recipes-devtools/prelink/prelink_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

Re: [OE-core] [PATCH 0/6] subversion: backport 6 CVE patches

2014-05-18 Thread Rongqing Li
On 05/16/2014 06:39 PM, Burton, Ross wrote: On 16 May 2014 07:00, wrote: subversion: fix for Security Advisory CVE-2013-1849 subversion: fix for Security Advisory CVE-2013-4505 subversion: fix for Security Advisory CVE-2013-4131 subversion: fix for Security Advisory CVE-2013-1845

Re: [OE-core] [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches

2014-05-18 Thread Rongqing Li
On 05/16/2014 07:09 PM, Paul Eggleton wrote: Hi Roy, On Friday 16 May 2014 10:12:08 rongqing...@windriver.com wrote: From: Roy Li Diff with V1: use ffmpeg as prefix of commit header The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873: gstreamer/lame: Better gcc

Re: [OE-core] OE Github repositories

2014-05-18 Thread Phil Blundell
On Fri, May 16, 2014 at 11:51:06AM +0100, Paul Eggleton wrote: > On Monday 28 April 2014 14:45:26 Koen Kooi wrote: > > Paul Eggleton schreef op 28-04-14 13:08: > > > OK then, how about this instead: > > > > > > 1) Ensure the "openembedded-core" repository is kept up-to-date > > > > > > 2) Add a "