From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Akhilesh Nema <nemaakhilesh@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2
Date: Sun, 02 Feb 2025 07:38:31 +0200 [thread overview]
Message-ID: <8734gw29ew.fsf@tarshish> (raw)
In-Reply-To: <20250202002102.44367-1-nemaakhilesh@gmail.com> (Akhilesh Nema's message of "Sat, 1 Feb 2025 16:21:02 -0800")
Hi Akhilesh,
On Sat, Feb 01 2025, Akhilesh Nema wrote:
> It fixes an arbitrary file overwrite vulnerability in the readline.sh.
> (CVE-2024-54661)
Thanks for the patch.
Note that technically Buildroot is not vulnerable since we do not
install readline.sh. But this update to good to have anyway.
baruch
> see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
>
> README hash changed due to version update.
>
> Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
> ---
> package/socat/socat.hash | 6 +++---
> package/socat/socat.mk | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/socat/socat.hash b/package/socat/socat.hash
> index 70c6e6a8f1..136dce4a71 100644
> --- a/package/socat/socat.hash
> +++ b/package/socat/socat.hash
> @@ -1,8 +1,8 @@
> # From http://www.dest-unreach.org/socat/download.md5sum
> -md5 e53a6e8e8594ac87476fe4ae361bbcd1 socat-1.8.0.1.tar.bz2
> +md5 7272fe53d51c63ca0e08e0339681803a socat-1.8.0.2.tar.bz2
> # From http://www.dest-unreach.org/socat/download.sha256sum
> -sha256 6a283565db7cf86292c6f70504c58abb03e29888adeed5a6c5f3457e803c1b81 socat-1.8.0.1.tar.bz2
> +sha256 adc07a9c2723527cf6568d2fb96559794cf9c254a4bc2edd36f7f3789e9f7625 socat-1.8.0.2.tar.bz2
> # Locally calculated
> -sha256 6c07bae42bf0a919c9dd6583f76cc9020a472652dcdad3e84923074a1f412d75 README
> +sha256 a18cf021c6380e8ef212c7a95460aff2d96fe9e2146bb09058651bc3b86f4d43 README
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
> sha256 fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761 COPYING.OpenSSL
> diff --git a/package/socat/socat.mk b/package/socat/socat.mk
> index 84d9cd3cf8..aa9a94aec4 100644
> --- a/package/socat/socat.mk
> +++ b/package/socat/socat.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -SOCAT_VERSION = 1.8.0.1
> +SOCAT_VERSION = 1.8.0.2
> SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
> SOCAT_SITE = http://www.dest-unreach.org/socat/download
> SOCAT_LICENSE = GPL-2.0 with OpenSSL exception
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2025-02-02 5:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-02 0:21 [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2 Akhilesh Nema
2025-02-02 5:38 ` Baruch Siach via buildroot [this message]
2025-02-02 11:30 ` Julien Olivain
2025-02-02 22:28 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8734gw29ew.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=nemaakhilesh@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox