augeas: security bump to version 1.8.1

Fixes CVE-2017-7555 - Augeas versions up to and including 1.8.0 are
vulnerable to heap-based buffer overflow due to improper handling of escaped
strings.  Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a
crash or possible code execution.

[Peter: extend description]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/augeas/augeas.hash b/package/augeas/augeas.hash
index 797bddbb6bc5772731ec06153b54ca2d8434d5aa..e044ff42a72ffeec48a622b7c94db54be2f0601e 100644 (file)
--- a/package/augeas/augeas.hash
+++ b/package/augeas/augeas.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256  515ce904138d99ff51d45ba7ed0d809bdee6c42d3bc538c8c820e010392d4cc5  augeas-1.8.0.tar.gz
+sha256  65cf75b5a573fee2a5c6c6e3c95cad05f0101e70d3f9db10d53f6cc5b11bc9f9  augeas-1.8.1.tar.gz

diff --git a/package/augeas/augeas.mk b/package/augeas/augeas.mk
index 1c1461e369204991c00d6351641080249b02aeac..20d09eb39031964450d768e1e218c1c06b9e8f4d 100644 (file)
--- a/package/augeas/augeas.mk
+++ b/package/augeas/augeas.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-AUGEAS_VERSION = 1.8.0
+AUGEAS_VERSION = 1.8.1
 AUGEAS_SITE = http://download.augeas.net
 AUGEAS_INSTALL_STAGING = YES
 AUGEAS_LICENSE = LGPL-2.1+