* [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111
@ 2023-09-27 20:51 Fabrice Fontaine
2023-09-28 9:27 ` Peter Korsgaard
2023-09-30 10:29 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-09-27 20:51 UTC (permalink / raw)
To: buildroot; +Cc: Heiko Thiery, Jan Kundrát, Fabrice Fontaine
- Fix CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to
contain a NULL pointer dereference via the function lys_parse_mem at
lys_parse_mem.c.
- Fix CVE-2023-26917: libyang from v2.0.164 to v2.1.30 was discovered to
contain a NULL pointer dereference via the function
lysp_stmt_validate_value at lys_parse_mem.c.
https://github.com/CESNET/libyang/releases/tag/v2.1.55
https://github.com/CESNET/libyang/releases/tag/v2.1.80
https://github.com/CESNET/libyang/releases/tag/v2.1.111
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libyang/libyang.hash | 2 +-
package/libyang/libyang.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libyang/libyang.hash b/package/libyang/libyang.hash
index 26a28d6eed..3658b20e4e 100644
--- a/package/libyang/libyang.hash
+++ b/package/libyang/libyang.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 761cfd959342b147f6a43a84c931c7fde68dd3a1ad540a0e5302288b204f073d libyang-2.1.30.tar.gz
+sha256 3e52b922fcf371933ad7de1686ad83504e3358236e7817b5af795b0db52fa221 libyang-2.1.111.tar.gz
sha256 0b7ec43747d211a1e49c53588b0822062947bab6bdcc95238578beab34cba5bb LICENSE
diff --git a/package/libyang/libyang.mk b/package/libyang/libyang.mk
index f160035c09..5533c7c68e 100644
--- a/package/libyang/libyang.mk
+++ b/package/libyang/libyang.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBYANG_VERSION = 2.1.30
+LIBYANG_VERSION = 2.1.111
LIBYANG_SITE = $(call github,CESNET,libyang,v$(LIBYANG_VERSION))
LIBYANG_LICENSE = BSD-3-Clause
LIBYANG_LICENSE_FILES = LICENSE
--
2.40.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111
2023-09-27 20:51 [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111 Fabrice Fontaine
@ 2023-09-28 9:27 ` Peter Korsgaard
2023-09-30 10:29 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-09-28 9:27 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Heiko Thiery, Jan Kundrát, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to
> contain a NULL pointer dereference via the function lys_parse_mem at
> lys_parse_mem.c.
> - Fix CVE-2023-26917: libyang from v2.0.164 to v2.1.30 was discovered to
> contain a NULL pointer dereference via the function
> lysp_stmt_validate_value at lys_parse_mem.c.
> https://github.com/CESNET/libyang/releases/tag/v2.1.55
> https://github.com/CESNET/libyang/releases/tag/v2.1.80
> https://github.com/CESNET/libyang/releases/tag/v2.1.111
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111
2023-09-27 20:51 [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111 Fabrice Fontaine
2023-09-28 9:27 ` Peter Korsgaard
@ 2023-09-30 10:29 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-09-30 10:29 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Heiko Thiery, Jan Kundrát, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to
> contain a NULL pointer dereference via the function lys_parse_mem at
> lys_parse_mem.c.
> - Fix CVE-2023-26917: libyang from v2.0.164 to v2.1.30 was discovered to
> contain a NULL pointer dereference via the function
> lysp_stmt_validate_value at lys_parse_mem.c.
> https://github.com/CESNET/libyang/releases/tag/v2.1.55
> https://github.com/CESNET/libyang/releases/tag/v2.1.80
> https://github.com/CESNET/libyang/releases/tag/v2.1.111
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2023.02.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-30 10:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-27 20:51 [Buildroot] [PATCH 1/1] package/libyang: security bump to version 2.1.111 Fabrice Fontaine
2023-09-28 9:27 ` Peter Korsgaard
2023-09-30 10:29 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox