[Buildroot] [PATCH] libsoup: security bump to version 2.62.3
Baruch Siach
baruch at tkos.co.il
Tue Aug 28 11:29:34 UTC 2018
Hi Peter,
Peter Korsgaard writes:
>>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
>
> > Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in
> > libsoup 2.63.2 allows attackers to have unspecified impact via an empty
> > hostname.
>
> > Cc: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > Signed-off-by: Baruch Siach <baruch at tkos.co.il>
>
> Thanks! I started looking at this myself, but got sidetracked.
>
> Is 2.62.x the first release containing this fix? Should we also cherry
> pick this for 2018.02.x / 2018.05.x or is there a smaller patch that
> could be applied instead?
The upstream fix from the (stable) gnome-3-28 branch is:
https://gitlab.gnome.org/GNOME/libsoup/commit/c5c41ad1d36c1efb3226a74ac8ea591419882892
You can cherry pick it to the gnome-3-22 branch that carries 2.56.x.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list