[Buildroot] [PATCH] package/libkrb5: security bump to version 1.18.3
Peter Korsgaard
peter at korsgaard.com
Sun Nov 22 14:33:02 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-28196: MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
> 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
> because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
> lengths lacks a recursion limit.
> Also fix .hash file indentation.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list