I am also seeing

ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected:

Applying patch CVE-2020-12825.patch
patching file src/cr-parser.c
Hunk #4 succeeded at 799 with fuzz 1.

The context lines in the patches can be updated with devtool:

    devtool modify libcroco-native
    devtool finish --force-patch-refresh libcroco-native <layer_path>

On Thu, Jan 21, 2021 at 3:53 AM Ross Burton <r...@burtonini.com> wrote:
>
> And a CVE: CVE-2020-12825 tag alongside that too would be good.
>
> Ross
>
> On Thu, 21 Jan 2021 at 10:50, Richard Purdie
> <richard.pur...@linuxfoundation.org> wrote:
> >
> > On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote:
> > > References
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
> > >
> > > Signed-off-by: Wang Mingyu <wan...@cn.fujitsu.com>
> > > ---
> > > .../libcroco/libcroco/CVE-2020-12825.patch | 170 ++++++++++++++++++
> > > .../libcroco/libcroco_0.6.13.bb | 2 +
> > > 2 files changed, 172 insertions(+)
> > > create mode 100644
> > > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > >
> > > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > new file mode 100644
> > > index 0000000000..cde0abd676
> > > --- /dev/null
> > > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > @@ -0,0 +1,170 @@
> > > +Subject: [PATCH] libcroco: Limit recursion in block and any productions
> > > +
> > > +Signed-off-by:Michael Catanzaro @mcatanzaro
> >
> > Thanks for this, the patch has no Upstream-Status set though? Could you
> > resend with one please?
> >
> > Cheers,
> >
> > Richard
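
Review bot: the header of the new CVE-2020-12825.patch, in the lines quoted here, runs from the Subject line straight to "Signed-off-by:Michael Catanzaro @mcatanzaro" with no "Upstream-Status:" line and no "CVE: CVE-2020-12825" tag, so add both above the sign-off before resending. The sign-off itself is missing the space after the colon and gives a handle rather than an e-mail address. Since do_patch reports Hunk #4 of src/cr-parser.c applying at 799 with fuzz 1, also refresh the context lines against libcroco 0.6.13 (the devtool finish --force-patch-refresh step shown above) so the resent patch applies cleanly.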