projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f1e499b) | patch
augeas: security bump to version 1.8.1
authorJörg Krause <joerg.krause@embedded.rocks>
Wed, 20 Sep 2017 13:09:31 +0000 (15:09 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 20 Sep 2017 17:20:48 +0000 (19:20 +0200)
commit74ac045c80893177fc7a8b3672245bb9ab132773
tree7f931d26f39f339443d63c21d4b6b9ad793fa6bctree
parentf1e499b778c0d114e9c88276d6ab5ea80c1384a7commit | diff
augeas: security bump to version 1.8.1

Fixes CVE-2017-7555 - Augeas versions up to and including 1.8.0 are
vulnerable to heap-based buffer overflow due to improper handling of escaped
strings.  Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a
crash or possible code execution.

[Peter: extend description]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/augeas/augeas.hash diff | blob | history
package/augeas/augeas.mk diff | blob | history