mirror of
https://git.yoctoproject.org/poky
synced 2026-05-02 18:32:15 +02:00
c5c9fa771d
CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data(). CVE-2022-0175 concerns using malloc() instead of calloc(). We "cherry-pick" from upstream. The actual cherry-picks are from upstream master to branch-0.9.1 and are the patches entered here. (From OE-Core rev: 91f7511df79c5c1f93add9f2827a5a266453614e) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>