diff options
author | Catalin Popeanga <Catalin.Popeanga@enea.com> | 2014-10-09 14:24:53 +0200 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-10-12 21:29:14 +0100 |
commit | ae653aed4c6b7d8075cd464edcd2e01237bfc105 (patch) | |
tree | aa134f8d93c3f94ec11c094c7c79df3b024db32d /meta/recipes-extended/bash/bash_4.2.bb | |
parent | 32818a104ae99a5795d91a2960d48d433d542dee (diff) | |
download | openembedded-core-ae653aed4c6b7d8075cd464edcd2e01237bfc105.tar.gz |
bash: Fix for CVE-2014-6277
Follow up bash42-049 to parse properly function definitions in the
values of environment variables, to not allow remote attackers to
execute arbitrary code or to cause a denial of service.
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
(From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa)
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/bash/bash_4.2.bb')
-rw-r--r-- | meta/recipes-extended/bash/bash_4.2.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb index 4ac0673a8c..1f49c46a54 100644 --- a/meta/recipes-extended/bash/bash_4.2.bb +++ b/meta/recipes-extended/bash/bash_4.2.bb @@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ file://test-output.patch \ file://Fix-for-bash-exported-function-namespace-change.patch;striplevel=0 \ file://cve-2014-7186_cve-2014-7187.patch;striplevel=0 \ + file://cve-2014-6277.patch \ file://run-ptest \ " |