[Buildroot] [PATCH] expat: security bump to version 2.2.1
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Mon Jun 19 20:09:21 UTC 2017
Hello,
On Sun, 18 Jun 2017 23:20:04 +0200, Peter Korsgaard wrote:
> Fixes:
>
> - CVE-2017-9233 - External entity infinite loop DoS. See:
> https://libexpat.github.io/doc/cve-2017-9233/
>
> - CVE-2016-9063 -- Detect integer overflow
>
> And furthermore:
>
> - Fix regression from fix to CVE-2016-0718 cutting off longer tag names.
>
> - Extend fix for CVE-2016-5300 (use getrandom() if available).
>
> - Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
> version of SipHash).
>
> Also add an upstream patch to fix detection of getrandom().
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ...c-Fix-mis-detection-of-getrandom-on-Debia.patch | 29 ++++++++++++++++++++++
> package/expat/expat.hash | 8 +++---
> package/expat/expat.mk | 4 ++-
> 3 files changed, 36 insertions(+), 5 deletions(-)
> create mode 100644 package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com