mirror of
https://git.yoctoproject.org/poky
synced 2026-02-28 20:39:39 +01:00
4e2cfc6b11
CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data(). CVE-2022-0175 concerns using malloc() instead of calloc(). We "cherry-pick" from upstream. The actual cherry-picks are from upstream master to branch-0.9.1 and are the patches entered here. (From OE-Core rev: 2d1ed522def1386ce2810c4634a394774b42228c) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91f7511df79c5c1f93add9f2827a5a266453614e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>