dpkg: upgrade to 1.17.25 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Roy Li <rongqing.li@windriver.com>	2015-04-29 16:09:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-04-30 23:04:15 +0100
commit	150fe3720309367185afd96f7e9931566bbb3516 (patch)
tree	6524b40adc9eb7b6472e0d57ed24349d10e65253 /scripts/lib/scriptutils.py
parent	8ca6988e93fb7437a3200523df292eb982513cf9 (diff)
download	poky-150fe3720309367185afd96f7e9931566bbb3516.tar.gz

dpkg: upgrade to 1.17.25

upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). (From OE-Core rev: 079445990f51f98c8d4f9397dec0ed91ca2490c3) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: