[Buildroot] [PATCH] package/netatalk: security bump to version 3.1.23

Peter Korsgaard peter at korsgaard.com
Fri Dec 21 14:40:41 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of
 > bounds write in dsi_opensess.c.  This is due to lack of bounds checking on
 > attacker controlled data.  A remote unauthenticated attacker can leverage
 > this vulnerability to achieve arbitrary code execution.

 > For more details, see the release notes:
 > http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list