openembedded-core.git - Mirror of openembedded-core

diff options

author	Roy Li <rongqing.li@windriver.com>	2015-04-29 16:09:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-04-30 23:01:28 +0100
commit	079445990f51f98c8d4f9397dec0ed91ca2490c3 (patch)
tree	d70b2a8f9ed964c74996ff2234183ed2f0eb468d /meta/recipes-extended/man-pages
parent	3c58712465494e441c4036a7cf21d2e6d343efab (diff)
download	openembedded-core-079445990f51f98c8d4f9397dec0ed91ca2490c3.tar.gz openembedded-core-079445990f51f98c8d4f9397dec0ed91ca2490c3.tar.bz2 openembedded-core-079445990f51f98c8d4f9397dec0ed91ca2490c3.zip

dpkg: upgrade to 1.17.25

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/man-pages')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: