[Buildroot] [PATCH 1/1] package/atftp: security bump to version 0.7.5
Arnout Vandecappelle
arnout at mind.be
Tue Oct 5 19:37:12 UTC 2021
On 27/09/2021 23:18, Fabrice Fontaine wrote:
> - Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer
> overflow because buffer-size handling does not properly consider the
> combination of data, OACK, and other options.
> - Update hash of license file (license replaced with current version:
I didn't grok this sentence so after investigation I replaced it with "license
replaced with current version of the GPL text".
Applied to master, thanks.
Regards,
Arnout
> https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545)
>
> https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> package/atftp/atftp.hash | 4 ++--
> package/atftp/atftp.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/atftp/atftp.hash b/package/atftp/atftp.hash
> index 158e9e3b33..6b0d9a5879 100644
> --- a/package/atftp/atftp.hash
> +++ b/package/atftp/atftp.hash
> @@ -1,3 +1,3 @@
> # Locally computed
> -sha256 d3c9cd0d971dfc786d7a5f4055c35d4e66aafc8102ac03473ef225bdf7edb26a atftp-0.7.4.tar.gz
> -sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 LICENSE
> +sha256 93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a atftp-0.7.5.tar.gz
> +sha256 86dc744860e6dfacfeba2f33fea908db03fe67c7e37a878285b7aae8e4596735 LICENSE
> diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
> index 3db966c169..70ef4c0fae 100644
> --- a/package/atftp/atftp.mk
> +++ b/package/atftp/atftp.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -ATFTP_VERSION = 0.7.4
> +ATFTP_VERSION = 0.7.5
> ATFTP_SITE = http://sourceforge.net/projects/atftp/files
> ATFTP_LICENSE = GPL-2.0+
> ATFTP_LICENSE_FILES = LICENSE
>
More information about the buildroot
mailing list