rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Mon, 29 May 2017 21:54:48 +0000 (23:54 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Tue, 30 May 2017 07:03:20 +0000 (09:03 +0200)
commit	2fb7cbeb743e343fcc4aa37d6015b0a523c8b16f
tree	73f28e143a22560881b54c2ace4f1df3a27a3296	tree \| snapshot
parent	eddaf1f00eb0b54b21f2e450fc66f0db8b7dbdca	commit \| diff

libtasn1: security bump to version 4.12

Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g. asn1Coding utility.

For more details, see:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/

Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):

https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html

Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch	[deleted file]	blob \| history
package/libtasn1/libtasn1.hash		diff \| blob \| history
package/libtasn1/libtasn1.mk		diff \| blob \| history