multipath-tools: fix CVE-2022-41974 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Urade, Yogita <Yogita.Urade@windriver.com>	2023-02-21 05:51:23 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-03-05 07:45:05 -0500
commit	fb99d19bac01eaa767bd6459ee5f53484d5ef78d (patch)
tree	3d72e4869d869a0ca3362e41240771363871dbf9 /meta-python
parent	dfcbe97b557891ce491a49ed5f5b01e19585f44a (diff)
download	meta-openembedded-fb99d19bac01eaa767bd6459ee5f53484d5ef78d.tar.gz

multipath-tools: fix CVE-2022-41974

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-41974 NOTE: The actual fixes for this CVE are upstream commits [1] and [2]. However, they are part of a larger patchset which has a lot of dependencies and cannot be backported easily to older multipath-tools versions. Upstream discussion [3] indicates that there is a custom patch available for old versions ([4]). Ubuntu, Debian and Suse applied this patch to their 0.7.xx and 0.8.xx releases ([4], [5]), so we add it as well. [1] https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 [2] https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c [3] https://github.com/opensvc/multipath-tools/issues/59 [4] https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c [5] http://launchpadlibrarian.net/634132876/multipath-tools_0.7.4-2ubuntu3.1_0.7.4-2ubuntu3.2.diff.gz Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: