[Buildroot] [PATCH] supervisor: security bump to version 3.1.4

Peter Korsgaard peter at korsgaard.com
Thu Sep 21 11:18:44 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
 > before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
 > authenticated users to execute arbitrary commands via a crafted XML-RPC
 > request, related to nested supervisord namespace lookups.

 > For more details, see
 > https://github.com/Supervisor/supervisor/issues/964

 > While we're at it, add hashes for the license files.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list