150fe37203
upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). (From OE-Core rev: 079445990f51f98c8d4f9397dec0ed91ca2490c3) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| dpkg | ||
| dpkg.inc | ||
| dpkg_1.17.25.bb | ||