Sākums Izpētīt Palīdzība
Pierakstīties
PUBLIC_REPOS
/
buildroot
spogulis no git://git.buildroot.net/buildroot
2
1
Atdalīts 0
Faili
Pārlūkot izejas kodu

package/patch: annotate CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed
style diff payload with shell metacharacters. The ed editor does not
need to be present on the vulnerable system. This is different from
CVE-2018-1000156.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine 5 gadi atpakaļ
vecāks
ad9c33935b
revīzija
77d2c77d29
1 mainītis faili ar 1 papildinājumiem un 1 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 1 1
      package/patch/patch.mk

+ 1 - 1
package/patch/patch.mk
Parādīt failu 

@@ -17,7 +17,7 @@ PATCH_IGNORE_CVES += CVE-2018-6951
 
 PATCH_IGNORE_CVES += CVE-2018-1000156
 
 
 # 0004-Invoke-ed-directly-instead-of-using-the-shell.patch
 
-PATCH_IGNORE_CVES += CVE-2018-20969
 
+PATCH_IGNORE_CVES += CVE-2018-20969 CVE-2019-13638
 
 
 # 0005-Don-t-follow-symlinks-unless--follow-symlinks-is-given.patch
 
 PATCH_IGNORE_CVES += CVE-2019-13636