[Buildroot] [PATCH 1/1] package/libical: fix CVE-2016-9584

Thomas Petazzoni thomas.petazzoni at bootlin.com
Sat Mar 28 13:59:09 UTC 2020


On Sat, 28 Mar 2020 10:36:47 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> libical allows remote attackers to cause a denial of service
> (use-after-free) and possibly read heap memory via a crafted ics file.
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
>  ...ype_from_string-copy-the-reqstattype.patch | 27 +++++++++++++++++++
>  package/libical/libical.mk                    |  3 +++
>  2 files changed, 30 insertions(+)
>  create mode 100644 package/libical/0002-icaltypes-c-icalreqstattype_from_string-copy-the-reqstattype.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

