projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b6871f9) | patch
package/cereal: fix CVE-2020-11105
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 3 Feb 2021 20:11:00 +0000 (21:11 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 4 Feb 2021 17:20:41 +0000 (18:20 +0100)
commit26a46564f395e08cf8c4514c62e38a7d637d8cec
tree9c9e7ee98cdb776b3acc5e9180f27b064935ef50tree
parentb6871f9d93055ec94d6fb88779d44b3235b29ce9commit | diff
package/cereal: fix CVE-2020-11105

Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
1.3.0. It employs caching of std::shared_ptr values, using the raw
pointer address as a unique identifier. This becomes problematic if an
std::shared_ptr variable goes out of scope and is freed, and a new
std::shared_ptr is allocated at the same address. Serialization fidelity
thereby becomes dependent upon memory layout. In short, serialized
std::shared_ptr variables cannot always be expected to serialize back
into their original values. This can have any number of consequences,
depending on the context within which this manifests.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch [new file with mode: 0644] blob
package/cereal/cereal.mk diff | blob | history