[Buildroot] [PATCH] connman: security bump to version 1.35
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Tue Aug 29 21:12:11 UTC 2017
Hello,
On Mon, 28 Aug 2017 21:16:51 +0300, Baruch Siach wrote:
> Fixes CVE-2017-12865: stack overflow in dns proxy feature.
>
> Cc: Martin Bark <martin at barkynet.com>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> ---
> package/connman/connman.hash | 2 +-
> package/connman/connman.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks. I have to say I was a bit surprised to not
see this CVE mentioned on the Connman page about the 1.35 release. But
indeed, Debian says it has been fixed in 1.35, and there is a fix for a
crash in dnsproxy.c, which matches the CVE.
Upstream could be a little bit clearer though. Or maybe the CVE was
filled after 1.35 was released ?
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list