projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a41d44a) | patch
libidn: add fix for CVE-2017-14062
authorBaruch Siach <baruch@tkos.co.il>
Fri, 15 Sep 2017 04:40:20 +0000 (07:40 +0300)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 22 Sep 2017 15:36:42 +0000 (17:36 +0200)
commit49cb795f7965328ce7a57cbc3736b0fc03919fe7
treeabef3ea40f60b83fdfb2ab7fc8b5a61b78ce7d5etree
parenta41d44a8c93b63e8ba2da32b1680333f77ec1452commit | diff
libidn: add fix for CVE-2017-14062

Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch [new file with mode: 0644] blob
package/libidn/libidn.mk diff | blob | history