[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

Mon Feb 8 06:15:58 UTC 2016

Hello Thomas,

Thanks for your inputs . I'll change my mail configuration as :

 Niranjan Reddy <niranjan.reddy at rockwellcollins.com> .

 You can find the patch in the debain/patches folder with file name "poll".

Anton Kortunov <toshic.toshic at gmail.com> is the author of the patch and
i'll change it .

Thanks,
Niranjan Reddy.
Rockwell Collins

On Sat, Feb 6, 2016 at 3:52 AM, Thomas Petazzoni <
thomas.petazzoni at free-electrons.com> wrote:

> Hello Niranjan,
>
> Could you fix your mail configuration so that your From is:
>
>         Niranjan Reddy <niranjan.reddy at rockwellcollins.com>
>
> Indeed, the From: field gets used as the Git author.
>
> On Fri,  5 Feb 2016 10:59:40 +0530, niranjan.reddy wrote:
> > Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
> > via a large number of connections (
> http://www.cvedetails.com/cve/CVE-2012-6687/).
> > use poll in os_unix.c instead of select to avoid problem with > 1024
> connections.
> > The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
> > (https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
>
> I don't understand, I had a look at this Debian tarball, and couldn't
> spot the fix. Also below, you're signing off the patch, which seems to
> indicate your are the author of it.
>
> Could you clarify ?
>
> > The next release of libfcgi is 2.4.1 which may have this fix is yet to
> be released
> > officially.
> >
> > Signed-off-by: niranjan.reddy <niranjan.reddy at rockwellcollins.com>
>
> Please use Niranjan Reddy and not niranjan.reddy.
>
> Thanks,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux, Kernel and Android engineering
> http://free-electrons.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20160208/80b92848/attachment-0002.html>