oss-sec mailing list archives
Re: CVE-Request - bitbake
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 17 Feb 2015 22:47:14 +0100
* Maxin John:
> Executing "bitbake -g -u depexp <package>" when DISPLAY is not properly set causes segfault and a denial of service (through OOM) via a crafted script.
> Bug Report URL: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7299
I'm not sure if this is a security vulnerability in Bitbake. It's a build tool, right? If the build jobs are not constrained externally, the build commands could cause resource exhaustion in their own right, I think.
Current thread:
- CVE-Request - bitbake Maxin John (Feb 16)
- Re: CVE-Request - bitbake Florian Weimer (Feb 17)