[yocto-security] [OE-core CVE] branch thud updated. 2018-10-491-gf5be8c8
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Tue Oct 8 14:52:56 PDT 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, thud has been updated
via f5be8c8309a932cde507ba24d042880a922df0b6 (commit)
via 20b23cb40917b1c83b862817b13f0eefc8fa7a64 (commit)
via e2869ff2f76adb2b1ba6f003d6d02d242afe49e8 (commit)
via 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd (commit)
via 07cd0d606fea63e683c7de7ebfaa6a55170b8318 (commit)
via c9c3fabddb4e1779ef330f2073f85dce83cb460b (commit)
via 5862716f22ca9f5745d3bca85c6ed0d8c35c437b (commit)
via 3f1c02aa7b7d485e64503d601124c335d4b7299f (commit)
via 981eeec0f26f25db444782f40a86c558a2358215 (commit)
via 5deab12cdcf1d7372634324e1fd70145ff59f9f9 (commit)
via 109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04 (commit)
via d0e2babdab1625e86d0abc7fa7dab25caa73ccb6 (commit)
via 6018e9755dce3eaa22a1fe691dc18546c43c9cbe (commit)
via b24447b40e4988e337bdd4b5cf194df0827f9887 (commit)
via 25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10 (commit)
via 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba (commit)
via a367928942411b36a0b0bbb95055d01548430e8e (commit)
via 79205966072bb6179d96b3af5aabc521da83e841 (commit)
via fac2d3846dadfda256e94500bdf33f546a8d1fb4 (commit)
via 2cebc7faa10c7ac6f60437658702f7adce3b3a89 (commit)
via 51f7ecf2259e1fb669cd84c5317cbd8810d731b7 (commit)
via 144363decc922ed03a584eb9b29cf9808a469d08 (commit)
via 75a4b4d8fb14414bbe2e38be8ccda0af94ef9b40 (commit)
via ad90312adabbad951f62e3bd4ad95fcc763ad0c4 (commit)
via bd367f58d9d6b5f0ce213e1be36763c5a9e425b6 (commit)
via f965ecbf558b6db1959e4ba8e599d65a5c8022b2 (commit)
from d3d3f443039b03f1200a14bfe99f985592632018 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f5be8c8309a932cde507ba24d042880a922df0b6
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Sun Sep 15 09:59:24 2019 -0400
linux-yocto/4.14: update to v4.14.143
Updating to the latest 4.14 -stable. Lightly build and boot tested
on qemu*
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 20b23cb40917b1c83b862817b13f0eefc8fa7a64
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Mon Aug 19 21:47:09 2019 +0800
pango: fix CVE-2019-1010238
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 65631a048f57965745dc8cc23cb80c4c3a71ba94)
[Fix up for thud context]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit e2869ff2f76adb2b1ba6f003d6d02d242afe49e8
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Wed Aug 21 09:58:18 2019 +0800
patch: backport fixes
The original fix for CVE-2018-1000156 was incomplete. Backport more
fixes done later for a complete fix.
Also see:
https://savannah.gnu.org/bugs/index.php?53820
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 12f9689cba740da6b8c7d9292c74c3992c2e18f2)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date: Wed Aug 21 09:58:17 2019 +0800
patch: fix CVE-2019-13638
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 07cd0d606fea63e683c7de7ebfaa6a55170b8318
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Thu Jul 25 12:02:59 2019 +0800
libxslt: fix CVE-2019-13117 CVE-2019-13118
(From OE-Core rev: 7dc3048fec88dd62ef49ef16517b7382ab7cf2a5)
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
[Fixup for thud context]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit c9c3fabddb4e1779ef330f2073f85dce83cb460b
Author: Muminul Islam <misla011 at fiu.edu>
Date: Thu Sep 12 21:23:05 2019 +0000
libxslt: Cve fix CVE-2019-11068
Signed-off-by: Muminul Islam <muislam at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 5862716f22ca9f5745d3bca85c6ed0d8c35c437b
Author: Dan Tran <dantran at microsoft.com>
Date: Wed Sep 11 18:58:52 2019 +0000
python3: Fix CVEs
Fixes CVE-2018-14647, CVE-2018-20406, CVE-2018-20852, CVE-2019-9636,
CVE-2019-9740, and CVE-2019-9747.
Signed-off-by: Dan Tran <dantran at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 3f1c02aa7b7d485e64503d601124c335d4b7299f
Author: Dan Tran <dantran at microsoft.com>
Date: Mon Sep 9 18:24:01 2019 +0000
python: Fix 3 CVEs
Fixes CVE-2018-20852, CVE-2019-9740, and CVE-2019-9747
Signed-off-by: Dan Tran <dantran at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 981eeec0f26f25db444782f40a86c558a2358215
Author: Dan Tran <dantran at microsoft.com>
Date: Mon Sep 9 17:31:25 2019 +0000
binutils: Fix 4 CVEs
Fixes CVE-2018-20623, CVE-2018-20651, CVE-2018-20-671, and
CVE-2018-1000876 for binutils 2.31.1.
Signed-off-by: Dan Tran <dantran at microsoft.com>
[fixed up .inc for thud-next context]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 5deab12cdcf1d7372634324e1fd70145ff59f9f9
Author: Adrian Bunk <bunk at stusta.de>
Date: Sun Apr 14 23:20:46 2019 +0300
dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
This also fixes a dhcp breakage noticed by Enrico Scholz.
Signed-off-by: Adrian Bunk <bunk at stusta.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04
Author: Ruslan Bilovol <ruslan.bilovol at gmail.com>
Date: Sat Jan 26 14:57:57 2019 +0200
dhcp: drop lost patch
Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped
0008-tweak-to-support-external-bind.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit d0e2babdab1625e86d0abc7fa7dab25caa73ccb6
Author: Armin Kuster <akuster808 at gmail.com>
Date: Wed Oct 24 01:19:46 2018 +0100
dhcp: fix issue with new bind changes
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 6018e9755dce3eaa22a1fe691dc18546c43c9cbe
Author: Armin Kuster <akuster at mvista.com>
Date: Thu Sep 5 07:21:18 2019 -0700
go: update to 1.11.13, minor updates
Source: golang.org
MR: 99376
Type: Security Fix
Disposition: Backport from golang.org
ChangeID: 41576ab4a0abdebbc44f1a35a83bf04e5f2fde06
Description:
https://golang.org/doc/devel/release.html
go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. See the Go 1.11.11 milestone on our issue tracker for details.
go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker. See the Go 1.11.12 milestone on our issue tracker for details.
go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details.
Includes CVE: CVE-2019-14809
Signed-off-by: Armin Kuster <akuster at mvista.com>
commit b24447b40e4988e337bdd4b5cf194df0827f9887
Author: Adrian Bunk <bunk at stusta.de>
Date: Mon Apr 8 15:08:56 2019 +0300
bind: upgrade 9.11.5 -> 9.11.5-P4
Source: OE.org
MR: 99751, 99752, 99753
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/bind?h=warrior&id=5d286da0fbe1a7ded2f84eec990e49d221bdeab4
ChangeID: ce3719ea11bd03af3baeca51a22115badf84be01
Description:
Bugfix-only compared to 9.11.5, mostly CVE fixes.
COPYRIGHT checksum changed due to 2018 -> 2019.
Signed-off-by: Adrian Bunk <bunk at stusta.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
[Included cves:
CVE-2018-5744
CVE-2018-5745
CVE-2019-6465
]
Signed-off-by: Armin Kuster <akuster at mvista.com>
commit 25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10
Author: Armin Kuster <akuster at mvista.com>
Date: Wed Sep 4 22:44:12 2019 -0700
bind: update to latest LTS 9.11.5
Source: bind.org
MR: 99750
Type: Security Fix
Disposition: Backport from bind.org
ChangeID: bca5c436229f1b8c7e8eb3e45fc6188ffdb5e224
Description:
includes:
CVE-2018-5738
drop patch for CVE-2018-5740 now included in update
see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Add RECIPE_NO_UPDATE_REASON for lts
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
[Also includes CVE-2018-5740]
Signed-off-by: Armin Kuster <akuster at mvista.com>
commit 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba
Author: Armin Kuster <akuster at mvista.com>
Date: Sat Aug 31 15:56:48 2019 -0700
binutils: Security fix for CVE-2019-12972
Source: git://sourceware.org / binutils-gdb.git
MR: 98770
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c
Description:
Fixes CVE-2019-12972
Signed-off-by: Armin Kuster <akuster at mvista.com>
[v2]
forgot to refresh inc file before sending
commit a367928942411b36a0b0bbb95055d01548430e8e
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Aug 31 13:08:36 2019 -0700
binutils: Security fix for CVE-2019-14444
Source: git://sourceware.org / binutils-gdb.git
MR: 99255
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
ChangeID: 67ad4ab1ec34b941bdcfbb4f55d16176bbbd3d72
Description:
Affects: <= 2.32.0
Fixes CVE-2019-14444
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 79205966072bb6179d96b3af5aabc521da83e841
Author: Armin Kuster <akuster at mvista.com>
Date: Sat Aug 31 08:40:01 2019 -0700
gcc: Security fix for CVE-2019-14250
Source: gcc.org
MR: 99120
Type: Security Fix
Disposition: Backport from https://gcc.gnu.org/viewcvs?rev=273794&root=gcc&view=rev
ChangeID: 28ab763c18f1543607181cd9657f45f7752b6fcb
Description:
Affects < 9.2
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit fac2d3846dadfda256e94500bdf33f546a8d1fb4
Author: Bartosz Golaszewski <bgolaszewski at baylibre.com>
Date: Sun Jul 28 13:06:47 2019 +0200
qemu: add a patch fixing the native build on newer kernels
The build fails on qemu-native if we're using kernels after commit
0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream
patch that fixes the issue.
Signed-off-by: Bartosz Golaszewski <bgolaszewski at baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
[Refactoried for thud context]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 2cebc7faa10c7ac6f60437658702f7adce3b3a89
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date: Tue Aug 13 23:25:58 2019 +0000
libcomps: fix CVE-2019-3817
Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 51f7ecf2259e1fb669cd84c5317cbd8810d731b7
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date: Tue Aug 13 23:25:57 2019 +0000
glib-2.0: fix CVE-2019-13012
Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 144363decc922ed03a584eb9b29cf9808a469d08
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date: Tue Aug 13 23:25:56 2019 +0000
dbus: fix CVE-2019-12749
Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 75a4b4d8fb14414bbe2e38be8ccda0af94ef9b40
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date: Tue Aug 13 23:25:52 2019 +0000
curl: fix CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit ad90312adabbad951f62e3bd4ad95fcc763ad0c4
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Tue Jul 30 20:26:53 2019 +0800
python3: fix CVE-2019-9740
CVE-2019-9947 is same as CVE-2019-9740 and mark it as such. See:
https://bugs.python.org/issue30458
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit bd367f58d9d6b5f0ce213e1be36763c5a9e425b6
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Tue Jul 30 20:26:52 2019 +0800
patch: fix CVE-2019-13636
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit f965ecbf558b6db1959e4ba8e599d65a5c8022b2
Author: Alexander Kanavin <alex.kanavin at gmail.com>
Date: Wed Apr 24 18:34:15 2019 +0200
buildhistory: call a dependency parser only on actual dependency lists
Previously it was also called on filelists and possibly other items which
broke the parser.
Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
meta/lib/oe/buildhistory_analysis.py | 2 +-
.../bind/bind/CVE-2018-5740.patch | 72 -----
.../bind/{bind_9.11.4.bb => bind_9.11.5-P4.bb} | 8 +-
...d-includes-of-new-BIND9-compatibility-hea.patch | 79 +++++
.../dhcp/0008-tweak-to-support-external-bind.patch | 117 -------
meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb | 1 +
meta/recipes-core/dbus/dbus/CVE-2019-12749.patch | 127 ++++++++
meta/recipes-core/dbus/dbus_1.12.10.bb | 1 +
.../glib-2.0/glib-2.0/CVE-2019-13012.patch | 47 +++
meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 +
meta/recipes-devtools/binutils/binutils-2.31.inc | 6 +
.../binutils/binutils/CVE-2018-1000876.patch | 180 +++++++++++
.../binutils/binutils/CVE-2018-20623.patch | 74 +++++
.../binutils/binutils/CVE-2018-20651.patch | 35 +++
.../binutils/binutils/CVE-2018-20671.patch | 49 +++
.../binutils/binutils/CVE-2019-12972.patch | 39 +++
.../binutils/binutils/CVE-2019-14444.patch | 33 ++
meta/recipes-devtools/gcc/gcc-8.2.inc | 1 +
.../gcc/gcc-8.2/CVE-2019-14250.patch | 44 +++
meta/recipes-devtools/go/go-1.11.inc | 6 +-
.../libcomps/libcomps/CVE-2019-3817.patch | 97 ++++++
meta/recipes-devtools/libcomps/libcomps_git.bb | 1 +
...k-temporary-file-on-failed-ed-style-patch.patch | 93 ++++++
...ak-temporary-file-on-failed-multi-file-ed.patch | 80 +++++
...ke-ed-directly-instead-of-using-the-shell.patch | 44 +++
.../patch/patch/CVE-2019-13636.patch | 113 +++++++
meta/recipes-devtools/patch/patch_2.7.6.bb | 4 +
.../python/python/bpo-30458-cve-2019-9740.patch | 219 ++++++++++++++
.../python/python/bpo-35121-cve-2018-20852.patch | 127 ++++++++
.../python/python3/CVE-2018-14647.patch | 95 ++++++
.../python/python3/CVE-2018-20406.patch | 217 +++++++++++++
.../python/python3/CVE-2018-20852.patch | 129 ++++++++
.../python/python3/CVE-2019-9636.patch | 154 ++++++++++
.../python/python3/CVE-2019-9740.patch | 155 ++++++++++
meta/recipes-devtools/python/python3_3.5.6.bb | 5 +
meta/recipes-devtools/python/python_2.7.16.bb | 2 +
...error-messages-when-qemi_cpu_kick_thread-.patch | 19 +-
...fix-to-handle-variably-sized-SIOCGSTAMP-w.patch | 336 +++++++++++++++++++++
meta/recipes-devtools/qemu/qemu_3.0.0.bb | 1 +
.../pango/pango/CVE-2019-1010238.patch | 38 +++
meta/recipes-graphics/pango/pango_1.42.4.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_4.14.bb | 20 +-
.../recipes-support/curl/curl/CVE-2018-16890.patch | 50 +++
meta/recipes-support/curl/curl/CVE-2019-3822.patch | 47 +++
meta/recipes-support/curl/curl/CVE-2019-3823.patch | 55 ++++
meta/recipes-support/curl/curl_7.61.0.bb | 3 +
.../libxslt/files/CVE-2019-13117.patch | 33 ++
.../libxslt/files/CVE-2019-13118.patch | 76 +++++
.../libxslt/libxslt/CVE-2019-11068.patch | 128 ++++++++
meta/recipes-support/libxslt/libxslt_1.1.32.bb | 5 +-
52 files changed, 3059 insertions(+), 225 deletions(-)
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
rename meta/recipes-connectivity/bind/{bind_9.11.4.bb => bind_9.11.5-P4.bb} (95%)
create mode 100644 meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
create mode 100644 meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
create mode 100644 meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
create mode 100644 meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
create mode 100644 meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
create mode 100644 meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
create mode 100644 meta/recipes-devtools/patch/patch/CVE-2019-13636.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-14647.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20406.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20852.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9636.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9740.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
create mode 100644 meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16890.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-3822.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-3823.patch
create mode 100644 meta/recipes-support/libxslt/files/CVE-2019-13117.patch
create mode 100644 meta/recipes-support/libxslt/files/CVE-2019-13118.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch
hooks/post-receive
--
More information about the yocto-security
mailing list