diff options
author | Kai Kang <kai.kang@windriver.com> | 2014-10-15 13:56:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-18 16:14:04 +0200 |
commit | bacc6575a933b5df4ca8fcb90a5ce2326013c7a3 (patch) | |
tree | 52a4afe1167b87dda66562c90f519806574e125a /meta/recipes-core/readline/readline_6.3.bb | |
parent | 7a9f5c9120d9330fae5f432630de120be11c28d9 (diff) | |
download | ast2050-yocto-poky-bacc6575a933b5df4ca8fcb90a5ce2326013c7a3.zip ast2050-yocto-poky-bacc6575a933b5df4ca8fcb90a5ce2326013c7a3.tar.gz |
readline: Security Advisory - readline - CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a symlink
attack on a /var/tmp/rltrace.[PID] file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524
(From OE-Core rev: 0e95eef8817f51504dcc50d855dcbef172cfc897)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/readline/readline_6.3.bb')
-rw-r--r-- | meta/recipes-core/readline/readline_6.3.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb index aa30f66..f02f197 100644 --- a/meta/recipes-core/readline/readline_6.3.bb +++ b/meta/recipes-core/readline/readline_6.3.bb @@ -1,5 +1,7 @@ require readline.inc +SRC_URI += "file://readline63-003" + SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a" SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43" |