[Buildroot] [PATCH] zeromq: security bump to version 4.0.5
Peter Korsgaard
jacmet at uclibc.org
Tue Nov 11 21:31:55 UTC 2014
>>>>> "Gustavo" == Gustavo Zacarias <gustavo at zacarias.com.ar> writes:
> Fixes:
> CVE-2014-7202 - stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5
> before 4.0.5 allows man-in-the-middle attackers to conduct downgrade
> attacks via a crafted connection request.
> CVE-2014-7203 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not
> ensure that nonces are unique, which allows man-in-the-middle attackers
> to conduct replay attacks via unspecified vectors.
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list