On Sat, 20 Feb 2021, Klaus Heinrich Kiwi wrote:

> Das U-Boot 2021.4-rc1 has the following commit:
>
> commit 3f04db891a353f4b127ed57279279f851c6b4917
> Author: Simon Glass <s...@chromium.org>
> Date: Mon Feb 15 17:08:12 2021 -0700
>
>     image: Check for unit addresses in FITs
>
>     Using unit addresses in a FIT is a security risk. Add a check for
>     this and disallow it.
>
>     CVE-2021-27138
>
> Adjust the kernel-fitimage.bbclass accordingly to not use unit
> addresses. In addition to fixing a CVE, this is also required before we
> can bump U-Boot to 2021.4.
>
> Signed-off-by: Klaus Heinrich Kiwi <kl...@linux.vnet.ibm.com>

[snip]

Please send this to the oe-core list since kernel-fitimage.bbclass is in it, not meta-openembedded.

I would also perhaps be inclined to not describe this change itself as "fixing a CVE", since it is the change in U-Boot that actually does that IMO.

Thanks,
Scott
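
A pre-build check in the spirit of the quoted commit message, as an added example that is not part of this thread, of U-Boot, or of kernel-fitimage.bbclass: it scans a FIT source (.its) for node names that carry a unit address (`@`) and for string properties that reference those nodes, since both must change together. The sample input and the name `find_unit_addresses` are constructed for illustration.

```python
import re

# Constructed sample .its source (not taken from kernel-fitimage.bbclass).
SAMPLE_ITS = r'''
/dts-v1/;
/ {
    description = "see http://example.invalid, user@host is not a node";
    #address-cells = <1>;
    images {
        kernel@1 {
            data = /incbin/("linux.bin");
            hash@1 { algo = "sha256"; };
        };
        fdt-board.dtb { data = /incbin/("board.dtb"); };
    };
    configurations {
        default = "conf@1";
        conf@1 {
            kernel = "kernel@1";   /* reference to a flagged node */
            fdt = "fdt-board.dtb";
            // ramdisk@1 { commented out, must be ignored };
        };
    };
};
'''

# One pass over string literals and comments, so "//" inside a string
# is never mistaken for a comment and '@' inside a string is not a node.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|/\*.*?\*/|//[^\n]*', re.S)
# After blanking strings and comments, name@addr followed by '{' is a node.
NODE = re.compile(r'([\w.,+-]+@[\w.,+-]*)\s*\{')

def find_unit_addresses(its_text):
    """Return (node names containing '@', string values naming those nodes)."""
    strings = []
    def blank(m):
        if m.group(1) is None:        # comment
            return ' '
        strings.append(m.group(1))    # string literal: remember, then blank
        return '""'
    bare = TOKEN.sub(blank, its_text)
    nodes = sorted(set(NODE.findall(bare)))
    refs = sorted({s for s in strings if s in nodes})
    return nodes, refs

if __name__ == "__main__":
    nodes, refs = find_unit_addresses(SAMPLE_ITS)
    print("nodes with unit addresses:", nodes)
    print("properties referencing them:", refs)
```
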