[OE-core] [Openembedded-architecture] OE-Core/Yocto Project's first CVE (CVE-2017-9731)

Philip Balister philip at balister.org
Mon Jun 19 13:32:33 UTC 2017

On 06/19/2017 09:29 AM, Burton, Ross wrote:
> On 19 June 2017 at 14:20, Philip Balister <philip at balister.org> wrote:
>> So the issue is leaking credentials, not build system paths? I mention
>> this because we do leak build system paths into images in other places.
> Yes, SRC_URI can contain username/passwords, and even if you filter those
> out explicitly you can expose internal hostnames and so on.

But we do expose internal host names in other places ...


> Ross

More information about the Openembedded-core mailing list