rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

projects / coffee / buildroot.git / commit

author	Jörg Krause <joerg.krause@embedded.rocks>
	Wed, 20 Sep 2017 13:09:31 +0000 (15:09 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Wed, 20 Sep 2017 17:20:48 +0000 (19:20 +0200)
commit	74ac045c80893177fc7a8b3672245bb9ab132773
tree	7f931d26f39f339443d63c21d4b6b9ad793fa6bc	tree \| snapshot
parent	f1e499b778c0d114e9c88276d6ab5ea80c1384a7	commit \| diff

augeas: security bump to version 1.8.1

Fixes CVE-2017-7555 - Augeas versions up to and including 1.8.0 are
vulnerable to heap-based buffer overflow due to improper handling of escaped
strings. Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a
crash or possible code execution.

[Peter: extend description]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/augeas/augeas.hash		diff \| blob \| history
package/augeas/augeas.mk		diff \| blob \| history

RSS Atom