git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
xz: fix CVE-2022-1271
author Ralph Siemsen <ralph.siemsen@linaro.org>
Sat, 9 Apr 2022 02:16:33 +0000 (22:16 -0400)
committer Anuj Mittal <anuj.mittal@intel.com>
Tue, 19 Apr 2022 14:22:49 +0000 (22:22 +0800)
commit dd6239a0f6173115968278cfd58a5efa228aee7d
tree 7b356e012402c88c7523cc25ce882b498b77b130
parent ab69b7566f04aa5495c0004064d41784734c9e84
xz: fix CVE-2022-1271

Malicious filenames can make xzgrep write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.

Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
CVE: CVE-2022-1271

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 97bf86ccde4417daec8ef3945071a50a09134bc6)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-extended/xz/xz/CVE-2022-1271.patch [new file with mode: 0644]
meta/recipes-extended/xz/xz_5.2.5.bb