[Buildroot] [PATCH-2017.02.x] nodejs: security bump to version 6.11.1
Peter Korsgaard
peter at korsgaard.com
Sat Jul 15 14:28:30 UTC 2017
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at free-electrons.com> writes:
> Hello,
> On Fri, 14 Jul 2017 15:17:24 +0200, Peter Korsgaard wrote:
>> >>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>>
>> > Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
>> > is used for parsing NAPTR responses, could be triggered to read memory
>> > outside of the given input buffer if the passed in DNS response packet was
>> > crafted in a particular way. This patch checks that there is enough data
>> > for the required elements of an NAPTR record (2 int16, 3 bytes for string
>> > lengths) before processing a record.
>>
>> > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
>>
>> Committed to 2017.02.x, thanks.
> For some reason, the status of this patch hadn't been updated to
> "Accepted" in patchwork, so I've done so now.
Probably because I forgot to run my script. Almost all commits to the
2017.02.x are just cherry picks of other commits, so I normally don't
need to update patchwork.
Thanks for fixing it.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list