diff options
author | Khem Raj <raj.khem@gmail.com> | 2014-10-02 11:32:39 +0100 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-10-12 21:29:14 +0100 |
commit | 59e7817b6e1d1dd90668083cf34f1650a84430c0 (patch) | |
tree | 151db18ac5ce73ff1c9f08fdf1201e5c5f4ee2fa /meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | |
parent | d57b9ce8bb97f88c329da973c3567d04d8eb07d2 (diff) | |
download | openembedded-core-59e7817b6e1d1dd90668083cf34f1650a84430c0.tar.gz |
bash: Fix CVE-2014-7169
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch')
-rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode 100644 index 0000000000..2e734de434 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch @@ -0,0 +1,16 @@ +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 + +Upstream-Status: Backport +Index: bash-3.2.48/parse.y +=================================================================== +--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700 ++++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700 +@@ -2503,6 +2503,8 @@ + FREE (word_desc_to_read); + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + last_read_token = '\n'; + token_to_read = '\n'; + } |