From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] zeromq: bump to version 4.3.1
Date: Tue, 15 Jan 2019 14:14:03 +0100
Message-ID: <87ef9errl0.fsf@dell.be.48ers.dk>
In-Reply-To: <20190112190230.13556-1-asafka7@gmail.com> (Asaf Kahlon's message of "Sat, 12 Jan 2019 21:02:30 +0200")

>>>>> "Asaf" == Asaf Kahlon <asafka7@gmail.com> writes:

 > Remove the patches as they're already on upstream.
 > As a consequence, no need to autoreconf anymore.
 > Also added license hashes.

 > Signed-off-by: Asaf Kahlon <asafka7@gmail.com>

Looking at https://github.com/zeromq/libzmq/releases, I see that this
release also fixes security issues:

CVE-2019-6250: A vulnerability has been found that would allow attackers to direct a peer to
jump to and execute from an address indicated by the attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.
NOTE: this attack can only take place after authentication, so peers behind
CURVE/GSSAPI are not vulnerable to unauthenticated attackers.
See #3351 for more details.

Once more, please mark version bumps that fix security vulnerabilities
as such so I don't miss them when backporting to the stable/LTS
branches.

-- 
Bye, Peter Korsgaard
