* [Buildroot] [PATCH] libtasn1: security bump to version 4.13
@ 2018-02-08 18:46 Baruch Siach
2018-02-08 21:11 ` Thomas Petazzoni
2018-04-10 20:43 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2018-02-08 18:46 UTC (permalink / raw)
To: buildroot
CVE-2017-10790: NULL pointer dereference and crash when reading crafted
input
CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
decoding
Add license files hashes.
Cc: Stefan Fr?berg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libtasn1/libtasn1.hash | 6 +++++-
package/libtasn1/libtasn1.mk | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/package/libtasn1/libtasn1.hash b/package/libtasn1/libtasn1.hash
index 699c14050a8a..9ed7a7a42c97 100644
--- a/package/libtasn1/libtasn1.hash
+++ b/package/libtasn1/libtasn1.hash
@@ -1,2 +1,6 @@
# Locally calculated after checking pgp signature
-sha256 6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753 libtasn1-4.12.tar.gz
+# https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.13.tar.gz.sig
+sha256 7e528e8c317ddd156230c4e31d082cd13e7ddeb7a54824be82632209550c8cca libtasn1-4.13.tar.gz
+# Locally calculated
+sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
diff --git a/package/libtasn1/libtasn1.mk b/package/libtasn1/libtasn1.mk
index b34a3b63f018..f14d57abd373 100644
--- a/package/libtasn1/libtasn1.mk
+++ b/package/libtasn1/libtasn1.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBTASN1_VERSION = 4.12
+LIBTASN1_VERSION = 4.13
LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
LIBTASN1_DEPENDENCIES = host-bison
LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library)
--
2.15.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libtasn1: security bump to version 4.13
2018-02-08 18:46 [Buildroot] [PATCH] libtasn1: security bump to version 4.13 Baruch Siach
@ 2018-02-08 21:11 ` Thomas Petazzoni
2018-04-10 20:43 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2018-02-08 21:11 UTC (permalink / raw)
To: buildroot
Hello,
On Thu, 8 Feb 2018 20:46:45 +0200, Baruch Siach wrote:
> CVE-2017-10790: NULL pointer dereference and crash when reading crafted
> input
>
> CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
> decoding
>
> Add license files hashes.
>
> Cc: Stefan Fr?berg <stefan.froberg@petroprogram.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> package/libtasn1/libtasn1.hash | 6 +++++-
> package/libtasn1/libtasn1.mk | 2 +-
> 2 files changed, 6 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libtasn1: security bump to version 4.13
2018-02-08 18:46 [Buildroot] [PATCH] libtasn1: security bump to version 4.13 Baruch Siach
2018-02-08 21:11 ` Thomas Petazzoni
@ 2018-04-10 20:43 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-04-10 20:43 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> CVE-2017-10790: NULL pointer dereference and crash when reading crafted
> input
> CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
> decoding
> Add license files hashes.
> Cc: Stefan Fr?berg <stefan.froberg@petroprogram.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-10 20:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-08 18:46 [Buildroot] [PATCH] libtasn1: security bump to version 4.13 Baruch Siach
2018-02-08 21:11 ` Thomas Petazzoni
2018-04-10 20:43 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox