[Buildroot] [PATCH master] busybox: add upstream security fixes
Peter Korsgaard
peter at korsgaard.com
Tue Apr 10 20:45:44 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
> access violation
> CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
> access violation
> Cc: Adam Duskett <aduskett at gmail.com>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> ---
> This is only applicable to master. These fixes are already in version
> 1.28.0 that is now in next.
> Care should be take to remove these patches when next is merged into
> master.
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list