CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-04 16:10:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
a80f5e761c
poky/meta
History
Ovidiu Panait 80aa68fa75 ruby: CVE-2017-14064 
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064

Upstream patch:
8f782fd8e1

(From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-09-18 11:07:30 +01:00
..
classes useradd: don't override pseudo environment 2017-09-18 11:07:30 +01:00
conf bitbake.conf: Add default FILESYSTEM_PERMS_TABLES 2017-09-18 11:07:29 +01:00
files pkgconf: add recipe 2017-08-23 12:06:51 +01:00
lib oeqa/selftest/recipetool: use stable tarball for recipetool create test 2017-09-18 11:07:30 +01:00
recipes-bsp u-boot: Upgrade to 2017.09 2017-09-13 22:07:42 +01:00
recipes-connectivity bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250) 2017-09-14 11:35:46 +01:00
recipes-core systemd-machine-units: update LIC_FILES_CHKSUM 2017-09-18 11:07:30 +01:00
recipes-devtools ruby: CVE-2017-14064 2017-09-18 11:07:30 +01:00
recipes-extended logrotate: use stable download URL 2017-09-18 11:07:30 +01:00
recipes-gnome libnotify: Add HOMEPAGE info into recipe file. 2017-09-18 11:07:29 +01:00
recipes-graphics mesa-gl: Fix build after recent mesa PACKAGECONFIG changes 2017-09-05 15:01:02 +01:00
recipes-kernel sysprof: Add HOMEPAGE info into recipe file. 2017-09-18 11:07:29 +01:00
recipes-multimedia alsa-utils: Do not hardcode path to /lib/udev 2017-09-11 17:30:28 +01:00
recipes-rt meta: remove True option to getVar calls 2016-12-16 10:23:23 +00:00
recipes-sato webkitgtk: disable gobject-introspection on armv7a 2017-08-24 13:48:10 +01:00
recipes-support attr: Backports to fix exported headers 2017-09-18 11:07:30 +01:00
site site/ix86-common: Drop ac_cv_sizeof_ino_t as it can be incorrect with large file support 2017-08-16 00:03:15 +01:00
COPYING.GPLv2
COPYING.MIT
recipes.txt