[OE-core] [morty][PATCH v2 1/2] glibc: Fix CVE-2015-5180
akuster808
akuster808 at gmail.com
Mon Nov 20 18:56:18 UTC 2017
On 11/16/2017 02:46 PM, George McCollister wrote:
> On Thu, Nov 16, 2017 at 12:45 PM, akuster808 <akuster808 at gmail.com> wrote:
>>
>> On 11/15/2017 12:36 PM, George McCollister wrote:
>>> Add backported patch to fix CVE-2015-5180 from the upstream
>>> release/2.24/master branch.
>>>
>>> Signed-off-by: George McCollister <george.mccollister at gmail.com>
>> Thanks for this series. I will have to wait until I address this in Pyro.
> CVE-2015-5180 should not be an issue in glibc 2.25.
>
> The CVE-2017-1000366 commits backported to glibc 2.25 are here:
> https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d
> https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd
> https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9
>
> Would it help if I sent Pyro patches for these?
yes it would help.
thanks,
Armin
>
>> - armin
More information about the Openembedded-core
mailing list