[yocto-security] [OE-core CVE] branch thud updated. 2018-10-491-gf5be8c8

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Tue Oct 8 14:52:56 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, thud has been updated
       via  f5be8c8309a932cde507ba24d042880a922df0b6 (commit)
       via  20b23cb40917b1c83b862817b13f0eefc8fa7a64 (commit)
       via  e2869ff2f76adb2b1ba6f003d6d02d242afe49e8 (commit)
       via  308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd (commit)
       via  07cd0d606fea63e683c7de7ebfaa6a55170b8318 (commit)
       via  c9c3fabddb4e1779ef330f2073f85dce83cb460b (commit)
       via  5862716f22ca9f5745d3bca85c6ed0d8c35c437b (commit)
       via  3f1c02aa7b7d485e64503d601124c335d4b7299f (commit)
       via  981eeec0f26f25db444782f40a86c558a2358215 (commit)
       via  5deab12cdcf1d7372634324e1fd70145ff59f9f9 (commit)
       via  109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04 (commit)
       via  d0e2babdab1625e86d0abc7fa7dab25caa73ccb6 (commit)
       via  6018e9755dce3eaa22a1fe691dc18546c43c9cbe (commit)
       via  b24447b40e4988e337bdd4b5cf194df0827f9887 (commit)
       via  25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10 (commit)
       via  16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba (commit)
       via  a367928942411b36a0b0bbb95055d01548430e8e (commit)
       via  79205966072bb6179d96b3af5aabc521da83e841 (commit)
       via  fac2d3846dadfda256e94500bdf33f546a8d1fb4 (commit)
       via  2cebc7faa10c7ac6f60437658702f7adce3b3a89 (commit)
       via  51f7ecf2259e1fb669cd84c5317cbd8810d731b7 (commit)
       via  144363decc922ed03a584eb9b29cf9808a469d08 (commit)
       via  75a4b4d8fb14414bbe2e38be8ccda0af94ef9b40 (commit)
       via  ad90312adabbad951f62e3bd4ad95fcc763ad0c4 (commit)
       via  bd367f58d9d6b5f0ce213e1be36763c5a9e425b6 (commit)
       via  f965ecbf558b6db1959e4ba8e599d65a5c8022b2 (commit)
      from  d3d3f443039b03f1200a14bfe99f985592632018 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f5be8c8309a932cde507ba24d042880a922df0b6
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Sun Sep 15 09:59:24 2019 -0400

    linux-yocto/4.14: update to v4.14.143
    
    Updating to the latest 4.14 -stable. Lightly build and boot tested
    on qemu*
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 20b23cb40917b1c83b862817b13f0eefc8fa7a64
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Mon Aug 19 21:47:09 2019 +0800

    pango: fix CVE-2019-1010238
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 65631a048f57965745dc8cc23cb80c4c3a71ba94)
    [Fix up for thud context]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit e2869ff2f76adb2b1ba6f003d6d02d242afe49e8
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Wed Aug 21 09:58:18 2019 +0800

    patch: backport fixes
    
    The original fix for CVE-2018-1000156 was incomplete. Backport more
    fixes done later for a complete fix.
    
    Also see:
    https://savannah.gnu.org/bugs/index.php?53820
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 12f9689cba740da6b8c7d9292c74c3992c2e18f2)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Wed Aug 21 09:58:17 2019 +0800

    patch: fix CVE-2019-13638
    
    (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 07cd0d606fea63e683c7de7ebfaa6a55170b8318
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Thu Jul 25 12:02:59 2019 +0800

    libxslt: fix CVE-2019-13117 CVE-2019-13118
    
    (From OE-Core rev: 7dc3048fec88dd62ef49ef16517b7382ab7cf2a5)
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    [Fixup for thud context]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit c9c3fabddb4e1779ef330f2073f85dce83cb460b
Author: Muminul Islam <misla011 at fiu.edu>
Date:   Thu Sep 12 21:23:05 2019 +0000

    libxslt: Cve fix CVE-2019-11068
    
    Signed-off-by: Muminul Islam <muislam at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 5862716f22ca9f5745d3bca85c6ed0d8c35c437b
Author: Dan Tran <dantran at microsoft.com>
Date:   Wed Sep 11 18:58:52 2019 +0000

    python3: Fix CVEs
    
    Fixes CVE-2018-14647, CVE-2018-20406, CVE-2018-20852, CVE-2019-9636,
    CVE-2019-9740, and CVE-2019-9747.
    
    Signed-off-by: Dan Tran <dantran at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 3f1c02aa7b7d485e64503d601124c335d4b7299f
Author: Dan Tran <dantran at microsoft.com>
Date:   Mon Sep 9 18:24:01 2019 +0000

    python: Fix 3 CVEs
    
    Fixes CVE-2018-20852, CVE-2019-9740, and CVE-2019-9747
    
    Signed-off-by: Dan Tran <dantran at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 981eeec0f26f25db444782f40a86c558a2358215
Author: Dan Tran <dantran at microsoft.com>
Date:   Mon Sep 9 17:31:25 2019 +0000

    binutils: Fix 4 CVEs
    
    Fixes CVE-2018-20623, CVE-2018-20651, CVE-2018-20-671, and
    CVE-2018-1000876 for binutils 2.31.1.
    
    Signed-off-by: Dan Tran <dantran at microsoft.com>
    [fixed up .inc for thud-next context]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 5deab12cdcf1d7372634324e1fd70145ff59f9f9
Author: Adrian Bunk <bunk at stusta.de>
Date:   Sun Apr 14 23:20:46 2019 +0300

    dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
    
    This also fixes a dhcp breakage noticed by Enrico Scholz.
    
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04
Author: Ruslan Bilovol <ruslan.bilovol at gmail.com>
Date:   Sat Jan 26 14:57:57 2019 +0200

    dhcp: drop lost patch
    
    Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped
    0008-tweak-to-support-external-bind.patch
    from recipe, but left the patch itself in source tree.
    Remove this patch since nobody uses it.
    
    Cc: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Ruslan Bilovol <ruslan.bilovol at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit d0e2babdab1625e86d0abc7fa7dab25caa73ccb6
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Wed Oct 24 01:19:46 2018 +0100

    dhcp: fix issue with new bind changes
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 6018e9755dce3eaa22a1fe691dc18546c43c9cbe
Author: Armin Kuster <akuster at mvista.com>
Date:   Thu Sep 5 07:21:18 2019 -0700

    go: update to 1.11.13, minor updates
    
    Source: golang.org
    MR: 99376
    Type: Security Fix
    Disposition: Backport from golang.org
    ChangeID: 41576ab4a0abdebbc44f1a35a83bf04e5f2fde06
    Description:
    
    https://golang.org/doc/devel/release.html
    
    go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. See the Go 1.11.11 milestone on our issue tracker for details.
    
    go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker. See the Go 1.11.12 milestone on our issue tracker for details.
    
    go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details.
    
    Includes CVE: CVE-2019-14809
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>

commit b24447b40e4988e337bdd4b5cf194df0827f9887
Author: Adrian Bunk <bunk at stusta.de>
Date:   Mon Apr 8 15:08:56 2019 +0300

    bind: upgrade 9.11.5 -> 9.11.5-P4
    
    Source: OE.org
    MR: 99751, 99752, 99753
    Type: Security Fix
    Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/bind?h=warrior&id=5d286da0fbe1a7ded2f84eec990e49d221bdeab4
    ChangeID: ce3719ea11bd03af3baeca51a22115badf84be01
    Description:
    
    Bugfix-only compared to 9.11.5, mostly CVE fixes.
    
    COPYRIGHT checksum changed due to 2018 -> 2019.
    
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    [Included cves:
    CVE-2018-5744
    CVE-2018-5745
    CVE-2019-6465
    ]
    Signed-off-by: Armin Kuster <akuster at mvista.com>

commit 25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10
Author: Armin Kuster <akuster at mvista.com>
Date:   Wed Sep 4 22:44:12 2019 -0700

    bind: update to latest LTS 9.11.5
    
    Source: bind.org
    MR: 99750
    Type: Security Fix
    Disposition: Backport from bind.org
    ChangeID: bca5c436229f1b8c7e8eb3e45fc6188ffdb5e224
    Description:
    
    includes:
    CVE-2018-5738
    
    drop patch for CVE-2018-5740 now included in update
    
    see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
    
    Add RECIPE_NO_UPDATE_REASON for lts
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    [Also includes CVE-2018-5740]
    Signed-off-by: Armin Kuster <akuster at mvista.com>

commit 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba
Author: Armin Kuster <akuster at mvista.com>
Date:   Sat Aug 31 15:56:48 2019 -0700

    binutils: Security fix for CVE-2019-12972
    
    Source: git://sourceware.org / binutils-gdb.git
    MR: 98770
    Type: Security Fix
    Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
    ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c
    Description:
    
    Fixes CVE-2019-12972
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    
    [v2]
    forgot to refresh inc file before sending

commit a367928942411b36a0b0bbb95055d01548430e8e
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Aug 31 13:08:36 2019 -0700

    binutils: Security fix for CVE-2019-14444
    
    Source: git://sourceware.org / binutils-gdb.git
    MR: 99255
    Type: Security Fix
    Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
    ChangeID: 67ad4ab1ec34b941bdcfbb4f55d16176bbbd3d72
    Description:
    
    Affects: <= 2.32.0
    
    Fixes CVE-2019-14444
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 79205966072bb6179d96b3af5aabc521da83e841
Author: Armin Kuster <akuster at mvista.com>
Date:   Sat Aug 31 08:40:01 2019 -0700

    gcc: Security fix for CVE-2019-14250
    
    Source: gcc.org
    MR: 99120
    Type: Security Fix
    Disposition: Backport from https://gcc.gnu.org/viewcvs?rev=273794&root=gcc&view=rev
    ChangeID: 28ab763c18f1543607181cd9657f45f7752b6fcb
    Description:
    
    Affects < 9.2
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit fac2d3846dadfda256e94500bdf33f546a8d1fb4
Author: Bartosz Golaszewski <bgolaszewski at baylibre.com>
Date:   Sun Jul 28 13:06:47 2019 +0200

    qemu: add a patch fixing the native build on newer kernels
    
    The build fails on qemu-native if we're using kernels after commit
    0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream
    patch that fixes the issue.
    
    Signed-off-by: Bartosz Golaszewski <bgolaszewski at baylibre.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    [Refactoried for thud context]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 2cebc7faa10c7ac6f60437658702f7adce3b3a89
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date:   Tue Aug 13 23:25:58 2019 +0000

    libcomps: fix CVE-2019-3817
    
    Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 51f7ecf2259e1fb669cd84c5317cbd8810d731b7
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date:   Tue Aug 13 23:25:57 2019 +0000

    glib-2.0: fix CVE-2019-13012
    
    Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 144363decc922ed03a584eb9b29cf9808a469d08
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date:   Tue Aug 13 23:25:56 2019 +0000

    dbus: fix CVE-2019-12749
    
    Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 75a4b4d8fb14414bbe2e38be8ccda0af94ef9b40
Author: Andrii Bordunov via Openembedded-core <openembedded-core at lists.openembedded.org>
Date:   Tue Aug 13 23:25:52 2019 +0000

    curl: fix CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
    
    Signed-off-by: Kevin Weng <t-keweng at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit ad90312adabbad951f62e3bd4ad95fcc763ad0c4
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Tue Jul 30 20:26:53 2019 +0800

    python3: fix CVE-2019-9740
    
    CVE-2019-9947 is same as CVE-2019-9740 and mark it as such. See:
    
    https://bugs.python.org/issue30458
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit bd367f58d9d6b5f0ce213e1be36763c5a9e425b6
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Tue Jul 30 20:26:52 2019 +0800

    patch: fix CVE-2019-13636
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit f965ecbf558b6db1959e4ba8e599d65a5c8022b2
Author: Alexander Kanavin <alex.kanavin at gmail.com>
Date:   Wed Apr 24 18:34:15 2019 +0200

    buildhistory: call a dependency parser only on actual dependency lists
    
    Previously it was also called on filelists and possibly other items which
    broke the parser.
    
    Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 meta/lib/oe/buildhistory_analysis.py               |   2 +-
 .../bind/bind/CVE-2018-5740.patch                  |  72 -----
 .../bind/{bind_9.11.4.bb => bind_9.11.5-P4.bb}     |   8 +-
 ...d-includes-of-new-BIND9-compatibility-hea.patch |  79 +++++
 .../dhcp/0008-tweak-to-support-external-bind.patch | 117 -------
 meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb       |   1 +
 meta/recipes-core/dbus/dbus/CVE-2019-12749.patch   | 127 ++++++++
 meta/recipes-core/dbus/dbus_1.12.10.bb             |   1 +
 .../glib-2.0/glib-2.0/CVE-2019-13012.patch         |  47 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb      |   1 +
 meta/recipes-devtools/binutils/binutils-2.31.inc   |   6 +
 .../binutils/binutils/CVE-2018-1000876.patch       | 180 +++++++++++
 .../binutils/binutils/CVE-2018-20623.patch         |  74 +++++
 .../binutils/binutils/CVE-2018-20651.patch         |  35 +++
 .../binutils/binutils/CVE-2018-20671.patch         |  49 +++
 .../binutils/binutils/CVE-2019-12972.patch         |  39 +++
 .../binutils/binutils/CVE-2019-14444.patch         |  33 ++
 meta/recipes-devtools/gcc/gcc-8.2.inc              |   1 +
 .../gcc/gcc-8.2/CVE-2019-14250.patch               |  44 +++
 meta/recipes-devtools/go/go-1.11.inc               |   6 +-
 .../libcomps/libcomps/CVE-2019-3817.patch          |  97 ++++++
 meta/recipes-devtools/libcomps/libcomps_git.bb     |   1 +
 ...k-temporary-file-on-failed-ed-style-patch.patch |  93 ++++++
 ...ak-temporary-file-on-failed-multi-file-ed.patch |  80 +++++
 ...ke-ed-directly-instead-of-using-the-shell.patch |  44 +++
 .../patch/patch/CVE-2019-13636.patch               | 113 +++++++
 meta/recipes-devtools/patch/patch_2.7.6.bb         |   4 +
 .../python/python/bpo-30458-cve-2019-9740.patch    | 219 ++++++++++++++
 .../python/python/bpo-35121-cve-2018-20852.patch   | 127 ++++++++
 .../python/python3/CVE-2018-14647.patch            |  95 ++++++
 .../python/python3/CVE-2018-20406.patch            | 217 +++++++++++++
 .../python/python3/CVE-2018-20852.patch            | 129 ++++++++
 .../python/python3/CVE-2019-9636.patch             | 154 ++++++++++
 .../python/python3/CVE-2019-9740.patch             | 155 ++++++++++
 meta/recipes-devtools/python/python3_3.5.6.bb      |   5 +
 meta/recipes-devtools/python/python_2.7.16.bb      |   2 +
 ...error-messages-when-qemi_cpu_kick_thread-.patch |  19 +-
 ...fix-to-handle-variably-sized-SIOCGSTAMP-w.patch | 336 +++++++++++++++++++++
 meta/recipes-devtools/qemu/qemu_3.0.0.bb           |   1 +
 .../pango/pango/CVE-2019-1010238.patch             |  38 +++
 meta/recipes-graphics/pango/pango_1.42.4.bb        |   4 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb   |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.14.bb      |  20 +-
 .../recipes-support/curl/curl/CVE-2018-16890.patch |  50 +++
 meta/recipes-support/curl/curl/CVE-2019-3822.patch |  47 +++
 meta/recipes-support/curl/curl/CVE-2019-3823.patch |  55 ++++
 meta/recipes-support/curl/curl_7.61.0.bb           |   3 +
 .../libxslt/files/CVE-2019-13117.patch             |  33 ++
 .../libxslt/files/CVE-2019-13118.patch             |  76 +++++
 .../libxslt/libxslt/CVE-2019-11068.patch           | 128 ++++++++
 meta/recipes-support/libxslt/libxslt_1.1.32.bb     |   5 +-
 52 files changed, 3059 insertions(+), 225 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
 rename meta/recipes-connectivity/bind/{bind_9.11.4.bb => bind_9.11.5-P4.bb} (95%)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
 create mode 100644 meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
 create mode 100644 meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
 create mode 100644 meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
 create mode 100644 meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
 create mode 100644 meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
 create mode 100644 meta/recipes-devtools/patch/patch/CVE-2019-13636.patch
 create mode 100644 meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch
 create mode 100644 meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-14647.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20406.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20852.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9636.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9740.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
 create mode 100644 meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16890.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-3822.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-3823.patch
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2019-13117.patch
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2019-13118.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch


hooks/post-receive
-- 



More information about the yocto-security mailing list