openwrt

ExternalVendorCode/openwrt

Fork 0

mirror of https://github.com/openwrt/openwrt.git synced 2024-12-22 15:02:32 +00:00

Commit Graph

Author	SHA1	Message	Date
Christian Marangi	28bf0137b4	tools: refresh all patches Refresh all tools patches now that tools/refresh correctly works. CI now checks for them and actively complain if tools have unrefreshed patches. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>	2024-05-22 12:41:10 +02:00
Russell Senior	bcfd1d7685	tools/patch: apply upstream patch for cve-2019-13638 GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. https://nvd.nist.gov/vuln/detail/CVE-2019-13638 Signed-off-by: Russell Senior <russell@personaltelco.net>	2019-08-13 10:00:10 +02:00

Author

SHA1

Message

Date

Christian Marangi

28bf0137b4

tools: refresh all patches

Refresh all tools patches now that tools/refresh correctly works.

CI now checks for them and actively complain if tools have unrefreshed
patches.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

2024-05-22 12:41:10 +02:00

Russell Senior

bcfd1d7685

tools/patch: apply upstream patch for cve-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style

diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>

2019-08-13 10:00:10 +02:00

2 Commits