rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Baruch Siach <baruch@tkos.co.il>
	Fri, 23 Feb 2018 05:22:31 +0000 (07:22 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Fri, 23 Feb 2018 08:08:48 +0000 (09:08 +0100)
commit	38d8d86d31147ef83d1d79f67b7ae90e4cefaaea
tree	bca5f954f0f060baeed602a601b1357db33e2d05	tree \| snapshot
parent	3b7a59304a9c377b9aec1303d85a60d019b4b9b2	commit \| diff

patch: security bump to version 2.7.6

Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch	[new file with mode: 0644]	blob
package/patch/patch.hash		diff \| blob \| history
package/patch/patch.mk		diff \| blob \| history