[Buildroot] [PATCH] libidn: add fix for CVE-2017-14062
peter at korsgaard.com
Sun Sep 24 20:12:48 UTC 2017
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Add upstream patch fixing CVE-2017-14062:
> Integer overflow in the decode_digit function in puny_decode.c in
> Libidn2 before 2.0.4 allows remote attackers to cause a denial of
> service or possibly have unspecified other impact.
> This issue also affects libidn.
> Unfortunately, the patch also triggers reconf of the documentation
> subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
> in doc/Makefile.am. Add autoreconf to handle that.
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2017.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot