[Buildroot] [PATCH] package/netatalk: security bump to version 3.1.23

Peter Korsgaard peter at korsgaard.com
Tue Jan 1 15:30:37 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of
 > bounds write in dsi_opensess.c.  This is due to lack of bounds checking on
 > attacker controlled data.  A remote unauthenticated attacker can leverage
 > this vulnerability to achieve arbitrary code execution.

 > For more details, see the release notes:
 > http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x and 2018.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list