projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b473cb1) | patch
openocd: add security fix for CVE-2018-5704
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 28 Jan 2018 22:02:56 +0000 (23:02 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 29 Jan 2018 08:47:53 +0000 (09:47 +0100)
commit8fb8dddbf487706891040659959352af8c8d28d4
tree2db79a0e6765f0ab11cb439f9a20682f0268224atree
parentb473cb15429bbe18c3b5be3266025c38df8a7ae3commit | diff
openocd: add security fix for CVE-2018-5704

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP
POST for sending data to 127.0.0.1 port 4444, which allows remote attackers
to conduct cross-protocol scripting attacks, and consequently execute
arbitrary commands, via a crafted web site.

For more details, see:
https://sourceforge.net/p/openocd/mailman/message/36188041/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openocd/0003-CVE-2018-5704-Prevent-some-forms-of-Cross-Protocol-S.patch [new file with mode: 0644] blob