[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Fri Feb 5 22:22:13 UTC 2016
Hello Niranjan,
Could you fix your mail configuration so that your From is:
Niranjan Reddy <niranjan.reddy at rockwellcollins.com>
Indeed, the From: field gets used as the Git author.
On Fri, 5 Feb 2016 10:59:40 +0530, niranjan.reddy wrote:
> Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
> via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
> use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
> The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
> (https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
I don't understand, I had a look at this Debian tarball, and couldn't
spot the fix. Also below, you're signing off the patch, which seems to
indicate your are the author of it.
Could you clarify ?
> The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
> officially.
>
> Signed-off-by: niranjan.reddy <niranjan.reddy at rockwellcollins.com>
Please use Niranjan Reddy and not niranjan.reddy.
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list