git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
rsync: fix CVE-2024-12088
author Archana Polampalli <archana.polampalli@windriver.com>
Thu, 16 Jan 2025 15:51:18 +0000 (15:51 +0000)
committer Steve Sakoman <steve@sakoman.com>
Sat, 18 Jan 2025 14:18:48 +0000 (06:18 -0800)
commit 741200c41a19ef5b4876d9a80667dfde2e5f4a9d
tree e3a5c32abe9de9fc30b25ed650032d50ebe81a87
parent 12328df8dfcdc73ef70af299e9ebdc1d8ae73f37
rsync: fix CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, rsync fails to
properly verify if a symbolic link destination contains another symbolic link within it.
This results in a path traversal vulnerability, which may lead to arbitrary file write
outside the desired directory.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/rsync/files/CVE-2024-12088.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/rsync_3.2.7.bb