[Buildroot] [PATCH] nodejs: security bump 0.10.x series to 0.10.48
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Fri Dec 2 21:35:00 UTC 2016
Hello,
On Fri, 02 Dec 2016 22:11:13 +0100, Peter Korsgaard wrote:
> >>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at free-electrons.com> writes:
>
> > Hello,
> > On Fri, 2 Dec 2016 21:16:52 +0100, Peter Korsgaard wrote:
> >> c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
> >> information at https://c-ares.haxx.se/adv_20160929.html
>
> > Thanks. What about our c-ares package itself?
>
> That one was fixed quite some time ago:
>
> commit 2d199dcff054d22a1ccc730fadfc7543b8c6e8f3
> Author: Gustavo Zacarias <gustavo at zacarias.com.ar>
> Date: Wed Oct 12 20:17:17 2016 -0300
>
> c-ares: security bump to version 1.12.0
>
> Fixes:
> CVE-2016-5180 - ares_create_query single byte out of buffer write
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Ah, ok. Sorry, I didn't check that 1.12.0 fixed the issue. Thanks for
confirming.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
More information about the buildroot
mailing list