[Buildroot] [PATCH] supervisor: security bump to version 3.1.4
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Sat Sep 9 20:49:18 UTC 2017
Hello,
On Thu, 7 Sep 2017 11:44:59 +0200, Peter Korsgaard wrote:
> Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
> before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
> authenticated users to execute arbitrary commands via a crafted XML-RPC
> request, related to nested supervisord namespace lookups.
>
> For more details, see
> https://github.com/Supervisor/supervisor/issues/964
>
> While we're at it, add hashes for the license files.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/supervisor/supervisor.hash | 4 +++-
> package/supervisor/supervisor.mk | 4 ++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list