[Buildroot] [PATCH 1/1] package/libtomcrypt: add security patch for CVE-2019-17362
Peter Korsgaard
peter at korsgaard.com
Wed Dec 25 21:44:07 UTC 2019
>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin at gmail.com> writes:
> From: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
> CVE-2019-17362:
> "The der_decode_utf8_string function (in der_decode_utf8_string.c) does not
> properly detect certain invalid UTF-8 sequences. This allows
> context-dependent attackers to cause a denial of service (out-of-bounds read
> and crash) or read information from other memory locations via carefully
> crafted DER-encoded data."
> Details:
> https://github.com/libtom/libtomcrypt/issues/507
> https://nvd.nist.gov/vuln/detail/CVE-2019-17362
> Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
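
An added example, not part of this thread and not libtomcrypt's code or the Buildroot patch: a strict UTF-8 decoder in C showing the kind of validation the quoted CVE text is about, where invalid or truncated sequences are refused before any continuation byte is read. The function names `utf8_decode_one` and `utf8_count` are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative only: hypothetical helpers, not libtomcrypt's API.
 * Decode one UTF-8 sequence from in[0..inlen). Returns the number of bytes
 * consumed and stores the code point in *cp, or returns 0 if the sequence
 * is invalid or would extend past the end of the buffer. */
size_t utf8_decode_one(const unsigned char *in, size_t inlen, uint32_t *cp)
{
    /* Smallest code point that legitimately needs a sequence of each length. */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t len, i;
    uint32_t v;

    if (inlen == 0) return 0;
    if (in[0] < 0x80)                { len = 1; v = in[0]; }
    else if ((in[0] & 0xE0) == 0xC0) { len = 2; v = in[0] & 0x1F; }
    else if ((in[0] & 0xF0) == 0xE0) { len = 3; v = in[0] & 0x0F; }
    else if ((in[0] & 0xF8) == 0xF0) { len = 4; v = in[0] & 0x07; }
    else return 0;   /* stray continuation byte, or lead byte claiming > 4 bytes */

    if (len > inlen) return 0;   /* truncated input: never read past the buffer */

    for (i = 1; i < len; i++) {
        if ((in[i] & 0xC0) != 0x80) return 0;   /* not a continuation byte */
        v = (v << 6) | (uint32_t)(in[i] & 0x3F);
    }
    if (v < min_cp[len]) return 0;                                /* overlong form */
    if (v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF)) return 0;   /* out of range */
    *cp = v;
    return len;
}

/* Count the code points in a buffer; returns -1 on the first invalid sequence. */
long utf8_count(const unsigned char *in, size_t inlen)
{
    size_t x = 0, n;
    long count = 0;
    uint32_t cp;

    while (x < inlen) {
        n = utf8_decode_one(in + x, inlen - x, &cp);
        if (n == 0) return -1;
        x += n;
        count++;
    }
    return count;
}
```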