rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Mon, 29 May 2017 21:54:48 +0000 (23:54 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 1 Jun 2017 14:35:46 +0000 (16:35 +0200)
commit	4174cdd16fc3bbadfdd90c9f6a270eccdbf60e39
tree	46f39fa79cd73cda108287f20aae3ac24b02206d	tree \| snapshot
parent	5ee60e23e360ba7585970a70e523d842b191c78d	commit \| diff

libtasn1: security bump to version 4.12

Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g. asn1Coding utility.

For more details, see:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/

Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):

https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html

Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fb7cbeb743e343fcc4aa37d6015b0a523c8b16f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch	[deleted file]	blob \| history
package/libtasn1/libtasn1.hash		diff \| blob \| history
package/libtasn1/libtasn1.mk		diff \| blob \| history