Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8
@ 2024-05-05 19:08 Fabrice Fontaine
  2024-05-06 20:02 ` Thomas Petazzoni via buildroot
  2024-05-27  6:00 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2024-05-05 19:08 UTC (permalink / raw)
  To: buildroot; +Cc: Bernd Kuhls, Fabrice Fontaine

- Fixed: [CVE-2024-34402]
    Protect against integer overflow in ComposeQueryEngine
- Fixed: [CVE-2024-34403]
    Protect against integer overflow in ComposeQueryMallocExMm

https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/liburiparser/liburiparser.hash | 2 +-
 package/liburiparser/liburiparser.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/liburiparser/liburiparser.hash b/package/liburiparser/liburiparser.hash
index 73b4ec6867..f2e3317897 100644
--- a/package/liburiparser/liburiparser.hash
+++ b/package/liburiparser/liburiparser.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  1ddae35cb3cc2c36e8199829d46f1c7f8b222e74a723fdae67ec8561e1ac5a39  uriparser-0.9.7.tar.xz
+sha256  1d71c054837ea32a31e462bce5a1af272379ecf511e33448e88100b87ff73b2e  uriparser-0.9.8.tar.xz
 sha256  287f09e6546a9610f949f89e8fb937cacfeabd7bfaa8c8a0c18312193bf04ad3  COPYING
diff --git a/package/liburiparser/liburiparser.mk b/package/liburiparser/liburiparser.mk
index 6d25b1d9bb..b0ba8c387b 100644
--- a/package/liburiparser/liburiparser.mk
+++ b/package/liburiparser/liburiparser.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBURIPARSER_VERSION = 0.9.7
+LIBURIPARSER_VERSION = 0.9.8
 LIBURIPARSER_SOURCE = uriparser-$(LIBURIPARSER_VERSION).tar.xz
 LIBURIPARSER_SITE = https://github.com/uriparser/uriparser/releases/download/uriparser-$(LIBURIPARSER_VERSION)
 LIBURIPARSER_LICENSE = BSD-3-Clause
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8
  2024-05-05 19:08 [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8 Fabrice Fontaine
@ 2024-05-06 20:02 ` Thomas Petazzoni via buildroot
  2024-05-27  6:00 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-05-06 20:02 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot

On Sun,  5 May 2024 21:08:21 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> - Fixed: [CVE-2024-34402]
>     Protect against integer overflow in ComposeQueryEngine
> - Fixed: [CVE-2024-34403]
>     Protect against integer overflow in ComposeQueryMallocExMm
> 
> https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/liburiparser/liburiparser.hash | 2 +-
>  package/liburiparser/liburiparser.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8
  2024-05-05 19:08 [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8 Fabrice Fontaine
  2024-05-06 20:02 ` Thomas Petazzoni via buildroot
@ 2024-05-27  6:00 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-05-27  6:00 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fixed: [CVE-2024-34402]
 >     Protect against integer overflow in ComposeQueryEngine
 > - Fixed: [CVE-2024-34403]
 >     Protect against integer overflow in ComposeQueryMallocExMm

 > https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2024.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-05-27  6:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-05 19:08 [Buildroot] [PATCH 1/1] package/liburiparser: security bump to version 0.9.8 Fabrice Fontaine
2024-05-06 20:02 ` Thomas Petazzoni via buildroot
2024-05-27  6:00 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox