[Buildroot] [PATCH 1/1] package/libical: fix CVE-2016-9584
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat Mar 28 13:59:09 UTC 2020
On Sat, 28 Mar 2020 10:36:47 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> libical allows remote attackers to cause a denial of service
> (use-after-free) and possibly read heap memory via a crafted ics file.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> ...ype_from_string-copy-the-reqstattype.patch | 27 +++++++++++++++++++
> package/libical/libical.mk | 3 +++
> 2 files changed, 30 insertions(+)
> create mode 100644 package/libical/0002-icaltypes-c-icalreqstattype_from_string-copy-the-reqstattype.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list