[Buildroot] [PATCH master] busybox: add upstream security fixes

Peter Korsgaard peter at korsgaard.com
Tue Apr 10 20:45:44 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
 > access violation

 > CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
 > access violation

 > Cc: Adam Duskett <aduskett at gmail.com>
 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>
 > ---

 > This is only applicable to master. These fixes are already in version
 > 1.28.0 that is now in next.

 > Care should be take to remove these patches when next is merged into
 > master.

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list