mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-23 09:59:39 +01:00

Commit Graph

Author	SHA1	Message	Date
Wenzong Fan	55db269ae9	sqlite3: fix CVE-2017-13685 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Backport patch to fix the issue. Some references: https://sqlite.org/src/info/02f0f4c54f2819b3 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html (From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-10-16 23:52:44 +01:00
Wenzong Fan	3ff394411e	sqlite3: upgrade to 3.2.0 * Uprev from 3.19.3 to 3.2.0 for fixing CVE-2017-10989: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. https://nvd.nist.gov/vuln/detail/CVE-2017-10989 * LIC_FILES_CHKSUM updated for below changes: - 2001 September 15 + 2001-09-15 (From OE-Core rev: 95b802bfe74ac6a3f6dc05edb52c87ef90600f40) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-18 10:40:27 +01:00

Author

SHA1

Message

Date

Wenzong Fan

55db269ae9

sqlite3: fix CVE-2017-13685

The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.

Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html

(From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-10-16 23:52:44 +01:00

Wenzong Fan

3ff394411e

sqlite3: upgrade to 3.2.0

* Uprev from 3.19.3 to 3.2.0 for fixing CVE-2017-10989:

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3,
as used in GDAL and other products, mishandles undersized RTree blobs
in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact.

https://nvd.nist.gov/vuln/detail/CVE-2017-10989

* LIC_FILES_CHKSUM updated for below changes:

  -** 2001 September 15
  +** 2001-09-15

(From OE-Core rev: 95b802bfe74ac6a3f6dc05edb52c87ef90600f40)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-08-18 10:40:27 +01:00

2 Commits