[0/1] logrotate: fix for CVE-2011-1548

Submitted by Wenzong Fan on June 18, 2013, 2:28 a.m. | Patch ID: 51867


Message ID cover.1371522167.git.wenzong.fan@windriver.com
State New
Headers show


git://git.pokylinux.org/poky-contrib wenzong/logrotate

Commit Message

Wenzong Fan June 18, 2013, 2:28 a.m.
From: Wenzong Fan <wenzong.fan@windriver.com>

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:

The following changes since commit 1dd643b142c69ac9035e29bff11d02201638dc65:

  licences: Add SGI license (2013-06-17 16:45:37 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/logrotate

Wenzong Fan (1):
  logrotate: fix for CVE-2011-1548

 .../logrotate-3.8.1/logrotate-CVE-2011-1548.patch  |   43 ++++++++++++++++++++
 meta/recipes-extended/logrotate/logrotate_3.8.1.bb |    1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch