Re: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515

2022-12-08 Thread Alexandre Belloni via lists.openembedded.org
On 09/12/2022 06:11:30+, Manoj Saun wrote: > libksba: integer overflow may lead to remote code execution. > > Reference: > https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html > > Upstream-Status: Backport >

Re: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515

2022-12-08 Thread Peter Kjellerstedt
river.com; Manoj Saun > Subject: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515 > > libksba: integer overflow may lead to remote code execution. May I suggest using the above as subject instead of the current subject? E.g.: libksba: Avoid integer overflow that may

[OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515

2022-12-08 Thread Manoj Saun
libksba: integer overflow may lead to remote code execution. Reference: https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b] CVE: CVE-2022-3515

Re: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515

2022-12-08 Thread Alexandre Belloni via lists.openembedded.org
Hello, On 08/12/2022 06:27:44+, Manoj Saun wrote: > libksba: integer overflow may lead to remote code execution. > > Reference: > https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html > > Upstream fixes: >

[OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515

2022-12-07 Thread Manoj Saun
libksba: integer overflow may lead to remote code execution. Reference: https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html Upstream fixes: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b Signed-off-by: Manoj Saun ---