All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] dpkg: upgrade to 1.17.25
@ 2015-04-29  8:09 rongqing.li
  2015-05-04 15:14 ` Aníbal Limón
  0 siblings, 1 reply; 2+ messages in thread
From: rongqing.li @ 2015-04-29  8:09 UTC (permalink / raw)
  To: openembedded-core

From: Roy Li <rongqing.li@windriver.com>

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).

Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
 meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} (81%)

diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
similarity index 81%
rename from meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
rename to meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
index ebb8671..74b1dd0 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
@@ -15,6 +15,6 @@ SRC_URI += "file://noman.patch \
             file://add_armeb_triplet_entry.patch \
            "
 
-SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775"
-SRC_URI[sha256sum] = "3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05"
+SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
+SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
 
-- 
2.1.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] dpkg: upgrade to 1.17.25
  2015-04-29  8:09 [PATCH] dpkg: upgrade to 1.17.25 rongqing.li
@ 2015-05-04 15:14 ` Aníbal Limón
  0 siblings, 0 replies; 2+ messages in thread
From: Aníbal Limón @ 2015-05-04 15:14 UTC (permalink / raw)
  To: rongqing.li, openembedded-core

Hi,


On 29/04/15 03:09, rongqing.li@windriver.com wrote:
> From: Roy Li <rongqing.li@windriver.com>
>
> upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625
>
> Multiple format string vulnerabilities in the parse_error_msg
> function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
> to cause a denial of service (crash) and possibly execute arbitrary
> code via format string specifiers in the (1) package or (2)
> architecture name.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840
>
> The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
> 1.17.25 allows remote attackers to bypass signature verification
> via a crafted Debian source control file (.dsc).
>
> Signed-off-by: Roy Li <rongqing.li@windriver.com>
> ---
>   meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>   rename meta/recipes-devtools/dpkg/{dpkg_1.17.21.bb => dpkg_1.17.25.bb} (81%)
>
> diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
> similarity index 81%
> rename from meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
> rename to meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
> index ebb8671..74b1dd0 100644
> --- a/meta/recipes-devtools/dpkg/dpkg_1.17.21.bb
> +++ b/meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
> @@ -15,6 +15,6 @@ SRC_URI += "file://noman.patch \
>               file://add_armeb_triplet_entry.patch \
>              "
>   
> -SRC_URI[md5sum] = "765a96fd0180196613bbfa3c4aef0775"
> -SRC_URI[sha256sum] = "3ed776627181cb9c1c9ba33f94a6319084be2e9ec9c23dd61ce784c4f602cf05"
> +SRC_URI[md5sum] = "e48fcfdb2162e77d72c2a83432d537ca"
> +SRC_URI[sha256sum] = "07019d38ae98fb107c79dbb3690cfadff877f153b8c4970e3a30d2e59aa66baa"
>   

Acked-by: Aníbal Limón <anibal.limon@linux.intel.com>

Cheers,
     alimon


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-05-04 15:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-29  8:09 [PATCH] dpkg: upgrade to 1.17.25 rongqing.li
2015-05-04 15:14 ` Aníbal Limón

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.