From 7da6cb848bc42b3e6bd5d2b37b52ba75510a6ca0 Mon Sep 17 00:00:00 2001
From: Yogita Urade
Date: Fri, 20 Oct 2023 04:56:09 +0000
Subject: indent: fix CVE-2023-40305
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
Reference: https://savannah.gnu.org/bugs/index.php?64503
Signed-off-by: Yogita Urade
Signed-off-by: Armin Kuster
---
 meta-oe/recipes-extended/indent/indent_2.2.12.bb | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'meta-oe/recipes-extended/indent/indent_2.2.12.bb')
diff --git a/meta-oe/recipes-extended/indent/indent_2.2.12.bb b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
index 1a7d61abc0..a846682c13 100644
--- a/meta-oe/recipes-extended/indent/indent_2.2.12.bb
+++ b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
@@ -17,6 +17,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
 file://0001-Makefile.am-remove-regression-dir.patch \
 file://0001-Fix-builds-with-recent-gettext.patch \
 file://0001-Remove-dead-paren_level-code.patch \
+ file://CVE-2023-40305_0001.patch \
+ file://CVE-2023-40305_0002.patch \
 "
 SRC_URI[md5sum] = "4764b6ac98f6654a35da117b8e5e8e14"
 SRC_URI[sha256sum] = "e77d68c0211515459b8812118d606812e300097cfac0b4e9fb3472664263bb8b"
--
cgit v1.2.3-54-g00ecf
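Review bot: The two added `file://CVE-2023-40305_000N.patch` entries go into the 2.2.12 recipe, but the commit message only quotes the CVE text for indent 2.2.13, so nothing here records that 2.2.12 has the same `search_brace` overflow or that the upstream fix was adapted to it. The patch files themselves are outside this view (the page is limited to the recipe), so their headers cannot be checked here. Each should carry `CVE: CVE-2023-40305` and `Upstream-Status: Backport [<upstream commit URL>]` so the origin of the fix can be audited. OE's CVE checker presumably keys on the patch name or the `CVE:` tag rather than on the code, so a partial backport would still be reported as patched. It is worth confirming that both patches apply to the 2.2.12 sources without fuzz and that the reproducer from the referenced bug no longer crashes.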