projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 77ef9c3) | patch
package/shadowsocks-libev: security bump to version 3.3.4
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 27 Aug 2020 21:10:03 +0000 (23:10 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 27 Aug 2020 21:29:37 +0000 (23:29 +0200)
commitfd3dd9d9c5b502c8c67aac6b4fad1534f0b10b4b
tree4a6d364489ff2590b29c568f84c270a1d0946f9dtree
parent77ef9c333cdc13d1a51d88dbad8c4459c2dca156commit | diff
package/shadowsocks-libev: security bump to version 3.3.4

- Fix CVE-2019-5163: An exploitable denial-of-service vulnerability
  exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When
  utilizing a Stream Cipher and a local_address, arbitrary UDP packets
  can cause a FATAL error code path and exit. An attacker can send
  arbitrary UDP packets to trigger this vulnerability.
- Fix CVE-2019-5164: An exploitable code execution vulnerability exists
  in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted
  network packets sent to ss-manager can cause an arbitrary binary to
  run, resulting in code execution and privilege escalation. An attacker
  can send network packets to trigger this vulnerability.

Also update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/shadowsocks-libev/shadowsocks-libev.hash diff | blob | history
package/shadowsocks-libev/shadowsocks-libev.mk diff | blob | history