[Buildroot] [PATCH] libsoup: security bump to version 2.62.3
Peter Korsgaard
peter at korsgaard.com
Tue Aug 28 12:08:43 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Hi Peter,
> Peter Korsgaard writes:
>>>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
>>
>> > Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in
>> > libsoup 2.63.2 allows attackers to have unspecified impact via an empty
>> > hostname.
>>
>> > Cc: Fabrice Fontaine <fontaine.fabrice at gmail.com>
>> > Signed-off-by: Baruch Siach <baruch at tkos.co.il>
>>
>> Thanks! I started looking at this myself, but got sidetracked.
>>
>> Is 2.62.x the first release containing this fix? Should we also cherry
>> pick this for 2018.02.x / 2018.05.x or is there a smaller patch that
>> could be applied instead?
> The upstream fix from the (stable) gnome-3-28 branch is:
> https://gitlab.gnome.org/GNOME/libsoup/commit/c5c41ad1d36c1efb3226a74ac8ea591419882892
> You can cherry pick it to the gnome-3-22 branch that carries 2.56.x.
Thanks. Is that the best solution or does upgrading to 2.62.x look
"safe" for 2018.02 / 2018.05 / 2018.08?
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list