[Buildroot] [PATCH] libtasn1: security bump to version 4.12
Peter Korsgaard
peter at korsgaard.com
Thu Jun 1 14:35:53 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
> (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
> cause a stacked-based buffer overflow by tricking a user into processing a
> specially crafted assignments file via the e.g. asn1Coding utility.
> For more details, see:
> https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
> Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
> a soname fix):
> https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html
> Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
> as that patch is now upstream.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list