mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-23 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

dpkg: upgrade to 1.17.25

Browse Source 
upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).

(From OE-Core rev: 079445990f51f98c8d4f9397dec0ed91ca2490c3)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Roy Li
2015-04-29 16:09:38 +08:00
committed by Richard Purdie
parent 8ca6988e93
commit 150fe37203
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-devtools/dpkg/dpkg_1.17.21.bb → meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
View File

@@ -15,6 +15,6 @@ SRC_URI += "file://noman.patch \
file://add_armeb_triplet_entry.patch \
"
SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775"
SRC_URI[sha256sum] = "3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05"
SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"