multipath-tools: fix CVE-2022-41974 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2023-02-21 05:54:18 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-02-22 16:11:00 -0500
commit	6be7dc00d20907e52836ec0fe1744a40f21c79f1 (patch)
tree	b4519e3465eca20518fa3e2e75ec75277e3b56af /meta-python/recipes-devtools/python/python3-scrypt/0001-py-scrypt-remove-the-hard-coded-include-paths.patch
parent	30f4c2b3ae182513b967185e06bc8409a0ee6092 (diff)
download	meta-openembedded-6be7dc00d20907e52836ec0fe1744a40f21c79f1.tar.gz

multipath-tools: fix CVE-2022-41974

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-41974 NOTE: The actual fixes for this CVE are upstream commits [1] and [2]. However, they are part of a larger patchset which has a lot of dependencies and cannot be backported easily to older multipath-tools versions. Upstream discussion [3] indicates that there is a custom patch available for old versions ([4]). Ubuntu, Debian and Suse applied this patch to their 0.7.xx and 0.8.xx releases ([4], [5]), so we add it as well. [1] https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 [2] https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c [3] https://github.com/opensvc/multipath-tools/issues/59 [4] https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c [5] http://launchpadlibrarian.net/634132876/multipath-tools_0.7.4-2ubuntu3.1_0.7.4-2ubuntu3.2.diff.gzwq Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-scrypt/0001-py-scrypt-remove-the-hard-coded-include-paths.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: