From patchwork Mon Nov 4 12:27:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 178398 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp1413587ilf; Mon, 4 Nov 2019 04:27:22 -0800 (PST) X-Google-Smtp-Source: APXvYqzEJ5efQwvG62h00N3dXiZMPgJVzgosORmAhi3J0MB4qpXAv8Y5uTw4E4FuDBEYR8S6lwbm X-Received: by 2002:a17:902:9897:: with SMTP id s23mr27737570plp.189.1572870441978; Mon, 04 Nov 2019 04:27:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572870441; cv=none; d=google.com; s=arc-20160816; b=Glc+7Vt0JacUsTIKyOc3vFU9dRRhjxKoizGUdOD6zNNxqwDVP4EwYXQc7ERL6YupkA IMsZuJBpYDKdkebyPgr5KSiq1fPz8an86+ERvjQyZoLCSwaLmqedxwjDYoKA1hLN69hV 0Shh6qqhWCcfr3cSj1QLQQX4LL+AKRmpqbfpXe+UWHEWQ1CzTMue9mm6ZJhDAh/Rs7Kc vtF9/39qgbEknMz5yAjE72odVisUn6N8tOebhEpp8fvyqWbaiCMMW26fWcUZKZ63/h54 N+E5f1lws2UWrcDLrpJmB6+cFEX+uevTpdYu74Qo9TYQLqm/+/WNdElVe6+d+Yyp9aFt q5LQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:delivered-to; bh=9I7FPeDz4TVQpwdO7rcIrKqqZks7oEhxK1pjCBBYqic=; b=gKZrxJLkXoacfMdRpVLWvXWPs81MrsRLqcD5M/Gqc6HDXMl2oROTrAiOiP/FbE2KwP Wz6I9zwrHaK5c9b/oiPHQdL1SWLAoo9q91s9NPSt90iVOpbgLBGtMeCnAMPPjx+D6mjn o+5Qk/+wGQO1ampIzxkLNCpst0CbtoJN4ZvXhh3kokPe6wUMndCNMF9GpxoqGsvxkDp6 unHKTB/scdc8vXbx3/9x+9Ph81gCRSu+8Rho5I5ndj/ArUgAwpjLb9jOxwVkg0HLAgFq YYpjB0HvXP3VbmEUCuXvJvBTtXdP1gqck+vYNRUV2Gy0Ejl4yz6x9oLuTCxjYpVvpyX8 hPLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=a7sfFswr; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id k132si11518202pga.484.2019.11.04.04.27.21; Mon, 04 Nov 2019 04:27:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=a7sfFswr; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 212C17F87A; Mon, 4 Nov 2019 12:27:19 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by mail.openembedded.org (Postfix) with ESMTP id 48BDC6C44A for ; Mon, 4 Nov 2019 12:27:17 +0000 (UTC) Received: by mail-wr1-f66.google.com with SMTP id t1so10908940wrv.4 for ; Mon, 04 Nov 2019 04:27:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=lvm+1NNVIqQ6lFSfxW5VzjR5nqAIA0H11crtaRapOgs=; b=a7sfFswr6pxl/MPwQuo4VtXu+cRyVTSIwpV6BggtrRexwLif/6RE6bsXue1nVhbpkq 3mvOG+SyTO+WBBz8EVT8BNmZaV8RyZSpW/UqE+5l1oHOEkyo5uTS5TMkblPR/NneF2ZS XLJBzykAGqV5KdXQOLmZHXl/Fe8rxeVFlYQ01sGHgF18wN3eP7W0vPfxV1Lr90b/60pB THZ53mNGRZJUG8XSIIPd567dSJqgG9S1DjUGfEY5dcq0kw2qrHqA61eEkj7+qdLvZWdv 3r5DFUf3tgi+RWVF/yqAWmoNtEbjO8NO1fHViAy8TTUOQ+GHqWha9B57Rez6hGi6p3+5 nqog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=lvm+1NNVIqQ6lFSfxW5VzjR5nqAIA0H11crtaRapOgs=; b=TRRGtJvP0GierNHZCqVl5GRO6x1xntkpUI0ikMmg325YJtHUrjr8DOITvzJ1rTmw9x lUG0xxyrWZqyDXyj45NJyzwu4QElzmqzQxdQcfRCILyfXZinT4jB7klsTO+d15il0dz9 X/pNhQjqJPE+Ck5Rh3Cl2mhe+v1bhiA4BPk8ssOx3fNFmdBeovMH2rksVsjd99BTIDtH C1XXkK1WyCdRq2RHCMbQc6mauz8HveJH7Du17/eD6xqDqW4W6tMpuYavi1WVILsim9iN q2+WorKhVy8UMu7GCctIrmt6bYGK3Df7Mo73bnotOkn9V+gAjVUIBhXVBqJKPINIllHQ sx6g== X-Gm-Message-State: APjAAAWLDiLNh8JFkFiuBWurrhqGDWt+BKFDp44KRqBj/6+oNuIGqVmR P1uK8othV+Jwf8tAJ2LZRkMrU7zxPDc= X-Received: by 2002:a5d:63d2:: with SMTP id c18mr12562419wrw.365.1572870436456; Mon, 04 Nov 2019 04:27:16 -0800 (PST) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id l4sm882487wme.4.2019.11.04.04.27.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2019 04:27:15 -0800 (PST) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Mon, 4 Nov 2019 12:27:13 +0000 Message-Id: <20191104122713.23437-1-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [OE-core] [PATCH] patch: the CVE-2019-13638 fix also handles CVE-2018-20969 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Signed-off-by: Ross Burton --- .../0001-Invoke-ed-directly-instead-of-using-the-shell.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch index f60dfe879af..d13d419f51c 100644 --- a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch +++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch @@ -6,8 +6,8 @@ Subject: [PATCH] Invoke ed directly instead of using the shell * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell command to avoid quoting vulnerabilities. -CVE: CVE-2019-13638 -Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] +CVE: CVE-2019-13638 CVE-2018-20969 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] Signed-off-by: Trevor Gamblin ---