mirror of
https://git.yoctoproject.org/poky
synced 2026-03-06 15:29:40 +01:00
58238ee55c
This includes CVE-fix for CVE-2025-46805, CVE-2025-46804, CVE-2025-46803, CVE-2025-46802 and CVE-2025-23395. Changelog: ========= https://cgit.git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.5.0.1 * Fixes: - CVE-2025-46805: do NOT send signals with root privileges - CVE-2025-46804: avoid file existence test information leaks - CVE-2025-46803: apply safe PTY default mode of 0620 - CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher - CVE-2025-23395: reintroduce lf_secreopen() for logfile - buffer overflow due bad strncpy() - uninitialized variables warnings - typos - combining char handling that could lead to a segfault (From OE-Core rev: 9e608022b287bfdb4f547f5e2d418536758bc82f) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>