package/libtomcrypt: add security patch for CVE-2019-17362
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Mon, 23 Dec 2019 15:03:37 +0000 (16:03 +0100)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mon, 23 Dec 2019 19:51:00 +0000 (20:51 +0100)
commit 62b34ed33ba4f2ee17046aa4d38a13840597f636
tree b972f4daa6275317d4dc8545dd2d85f7d6aee4a0
parent 71323def347fb75154c2ba3227cb15d54a24fecd
package/libtomcrypt: add security patch for CVE-2019-17362

CVE-2019-17362:
"The der_decode_utf8_string function (in der_decode_utf8_string.c) does not
properly detect certain invalid UTF-8 sequences.  This allows
context-dependent attackers to cause a denial of service (out-of-bounds read
and crash) or read information from other memory locations via carefully
crafted DER-encoded data."

Details:
https://github.com/libtom/libtomcrypt/issues/507
https://nvd.nist.gov/vuln/detail/CVE-2019-17362

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libtomcrypt/0001-fix-CVE-2019-17362.patch [new file with mode: 0644]
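
An added example, not part of this commit or of libtomcrypt: the bug class the CVE text describes, handled by a UTF-8 decoder that validates each lead byte and checks the sequence length against the remaining input before reading any continuation byte. The page does not say which sequences the upstream fix rejects, so the checks below are general strict UTF-8 rules, and the names utf8_decode_checked and utf8_count_checked are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical helper, not libtomcrypt's API: decode one UTF-8 character from
 * in[0..inlen). Returns bytes consumed (1..4), or 0 if the sequence is invalid
 * or would extend past the end of the buffer. */
static size_t utf8_decode_checked(const unsigned char *in, size_t inlen, uint32_t *out)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    uint32_t cp;
    if (inlen == 0) return 0;
    if (in[0] < 0x80)                { n = 1; cp = in[0]; }
    else if ((in[0] & 0xE0) == 0xC0) { n = 2; cp = in[0] & 0x1F; }
    else if ((in[0] & 0xF0) == 0xE0) { n = 3; cp = in[0] & 0x0F; }
    else if ((in[0] & 0xF8) == 0xF0) { n = 4; cp = in[0] & 0x07; }
    else return 0;               /* stray continuation byte, or lead 0xF8..0xFF */
    if (n > inlen) return 0;     /* lead byte promises more than the buffer holds */
    for (i = 1; i < n; i++) {
        if ((in[i] & 0xC0) != 0x80) return 0;    /* not a continuation byte */
        cp = (cp << 6) | (in[i] & 0x3F);
    }
    if (cp < min_cp[n] || cp > 0x10FFFF) return 0;   /* overlong or out of range */
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0;      /* UTF-16 surrogate */
    *out = cp;
    return n;
}

/* Count the characters in a UTF-8 payload; -1 if any sequence is rejected. */
static long utf8_count_checked(const unsigned char *in, size_t inlen)
{
    size_t x = 0, n;
    long count = 0;
    uint32_t cp;
    while (x < inlen) {
        if ((n = utf8_decode_checked(in + x, inlen - x, &cp)) == 0) return -1;
        x += n;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: valid U+00E9 + "a", then a 3-byte lead with 1 byte left. */
    printf("%ld\n", utf8_count_checked((const unsigned char *)"\xC3\xA9" "a", 3));
    printf("%ld\n", utf8_count_checked((const unsigned char *)"a\xE2\x82", 3));
    return 0;
}
```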