[Buildroot] [PATCH] libidn: add fix for CVE-2017-14062

Peter Korsgaard peter at korsgaard.com
Sun Sep 24 20:12:48 UTC 2017


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Add upstream patch fixing CVE-2017-14062:
 > Integer overflow in the decode_digit function in puny_decode.c in
 > Libidn2 before 2.0.4 allows remote attackers to cause a denial of
 > service or possibly have unspecified other impact.

 > This issue also affects libidn.

 > Unfortunately, the patch also triggers reconf of the documentation
 > subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
 > in doc/Makefile.am. Add autoreconf to handle that.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

