mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-12 19:53:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,873 Commits 38 Branches 617 Tags
94dea33c75f818c1424dc24366a3e3f368a208fe
Commit Graph

2 Commits

Author SHA1 Message Date
Jiaying Song
82902b3d64 diffoscope: fix CVE-2024-25711 
diffoscope before 256 allows directory traversal via an embedded
filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa,
may be disclosed to an attacker. This occurs because the value of the
gpg --use-embedded-filenames option is trusted.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-25711

Upstream patches:
458f7f04bc

(From OE-Core rev: da4977e9414361a30eb322d1456a664515b35693)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-12-09 07:54:03 -08:00
wangmy
eb2f29d6f8 diffoscope: upgrade 207 -> 208 
(From OE-Core rev: 9befbe17c1ff8222c782489cead17e441a927ae1)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-29 15:59:28 +01:00