projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c4ea32d) | patch
package/musl: add upstream security fix for CVE-2020-28928
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 20 Nov 2020 17:46:32 +0000 (18:46 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 22 Nov 2020 14:27:12 +0000 (15:27 +0100)
commit09caefda2a8aac8ea4dd3744791621a1c8321dab
treeff8517c5619626239c2222d173ef9bdfdb4caa63tree
parentc4ea32d0061585a41ef724124b82be337442ce2acommit | diff
package/musl: add upstream security fix for CVE-2020-28928

The wcsnrtombs function has been found to have multiple bugs in handling of
destination buffer size when limiting the input character count, which can
lead to infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffer.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/11/20/4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/musl/0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch [new file with mode: 0644] blob