Pull in stable branch fixes including:

* tunables: Terminate if end of input is reached (CVE-2023-4911)
* Propagate GLIBC_TUNABLES in setxid binaries
* Document CVE-2023-4806 and CVE-2023-5156 in NEWS
* Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

Also set CVE_STATUS accordingly for the fixes pulled in.

Signed-off-by: Richard Purdie <[email protected]>
---
 meta/recipes-core/glibc/glibc-version.inc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index f5ebbb2ee62..19b98bc11ad 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,8 +1,13 @@
 SRCBRANCH ?= "release/2.38/master"
 PV = "2.38+git"
-SRCREV_glibc ?= "0e1ef6779a90bc0f8a05bc367796df2793deecaa"
+SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701"
 SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)"
+
+CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
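
Review bot: CVE_STATUS[CVE-2023-4527] is assigned twice, on the first and last of the four added lines, so the last one is redundant, while CVE-2023-5156, which the commit message names among the fixes pulled in, gets no CVE_STATUS entry. If the last line was meant to cover it, change it to CVE_STATUS[CVE-2023-5156]. CVE-2023-4527 is also marked fixed here without being mentioned in the commit message, so a line there naming the stable-branch fix would make the status easier to audit.
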
-- 
2.39.2
