[Buildroot] [PATCH] libidn: add fix for CVE-2017-14062

Peter Korsgaard peter at korsgaard.com
Sat Sep 23 07:38:20 UTC 2017

>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Add upstream patch fixing CVE-2017-14062:
 > Integer overflow in the decode_digit function in puny_decode.c in
 > Libidn2 before 2.0.4 allows remote attackers to cause a denial of
 > service or possibly have unspecified other impact.

 > This issue also affects libidn.

 > Unfortunately, the patch also triggers reconf of the documentation
 > subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
 > in doc/Makefile.am. Add autoreconf to handle that.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

The autoreconf causes some build issues related to makeinfo. Care to
take a look?


Bye, Peter Korsgaard

More information about the buildroot mailing list