openembedded-core.git/meta/recipes-devtools, branch fido Mirror of openembedded-core git: Security fixes CVE-2015-7545 2016-02-29T15:05:16+00:00 Armin Kuster akuster@mvista.com 2016-02-24T01:38:25+00:00 0c4bdd61acbc1fa1b9bfb167d8eaf90c8bccc25c CVE-2015-7545 git: arbitrary code execution via crafted URLs Signed-off-by: Armin Kuster <akuster@mvista.com> Already in Jethro, not needed in master due to shipping a version of git which is already fixes (> 2.6.1) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> 
CVE-2015-7545 git: arbitrary code execution via crafted URLs

Signed-off-by: Armin Kuster <akuster@mvista.com>

Already in Jethro, not needed in master due to shipping a version of git
which is already fixes (> 2.6.1)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
qemu: Security fix CVE-2016-2198 2016-02-29T15:05:16+00:00 Armin Kuster akuster@mvista.com 2016-02-10T16:14:19+00:00 082031bdd4b5c5d4acea816c95d94a731b7855c2 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> 
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write

(From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
rpmresolve.c: Fix unfreed pointers that keep DB opened 2016-02-16T13:56:01+00:00 Mariano Lopez mariano.lopez@linux.intel.com 2015-12-29T10:25:02+00:00 8821b0443b4b39b3bd4f41800a6fc809197fda82 There are some unfreed rpmmi pointers in printDepList() function; this happens when the package have null as the requirement. This patch fixes these unfreed pointers and add small changes to keep consistency with some variables. [YOCTO #8028] (From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> 
There are some unfreed rpmmi pointers in printDepList()
function; this happens when the package have null as
the requirement.

This patch fixes these unfreed pointers and add small
changes to keep consistency with some variables.

[YOCTO #8028]

(From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec)

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
dpkg: Security fix CVE-2015-0860 2016-02-07T17:22:53+00:00 Armin Kuster akuster@mvista.com 2016-01-30T22:12:44+00:00 4dea3e7b9a0041e7359981e68c561e7de8ad3ae5 CVE-2015-0860 dpkg: stack overflows and out of bounds read (From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
CVE-2015-0860 dpkg: stack overflows and out of bounds read

(From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
qemu: Security fix CVE-2015-7295 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:55+00:00 3a7c84952d40f95b0f34bc35eef4490ecc8da07e CVE-2015-7295 Qemu: net: virtio-net possible remote DoS (From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS

(From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2016-1568 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:54+00:00 c2361dd9bb663b00dd194cb7fdb0e07d7e1ab5e1 CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands (From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands

(From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-8345 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:53+00:00 e51fc319b859f44be61822d93e0b72647a02f7c6 CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list (From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list

(From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-7512 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:52+00:00 90d2a8eb0853f506a457e9935f4354c71d2fc9c9 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod (From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod

(From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-7504 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:51+00:00 10752d6beb5520ec0fc83a7d0173e10144b11685 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode (From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode

(From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-8504 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:50+00:00 38f102a9271896a49aa32aacf2c2be3a14f51493 CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception (From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception

(From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>