git.libre-soc.org Git - buildroot.git/commit

author	Sørensen, Stefan <Stefan.Sorensen@spectralink.com>
	Wed, 3 Apr 2019 06:14:32 +0000 (06:14 +0000)
committer	Peter Korsgaard <peter@korsgaard.com>
	Sun, 7 Apr 2019 20:45:49 +0000 (22:45 +0200)
commit	1dd5576ccb8eadeb8672c8b22df86f4f41dce1d5
tree	94a11a561b3ca5569b3b5b469faf85b91f2bca0b	tree
parent	dc84a9f4f93c5ed085dfe39222b89015ed393be4	commit \| diff

package/gnutls: security bump to 3.6.7.1

Fixes the following security issues:

* CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
   that there is an uninitialized pointer access in gnutls versions 3.6.3 or
   later which can be triggered by certain post-handshake messages

* CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
   before 3.6.7. A memory corruption (double free) vulnerability in the
   certificate verification API. Any client or server application that
   verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:

https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html

HTTP URLs changed to HTTPS in COPYING, so update license hash.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnutls/gnutls.hash		diff \| blob \| history
package/gnutls/gnutls.mk		diff \| blob \| history