[Buildroot] [PATCH] package/netatalk: security bump to version 3.1.23
Peter Korsgaard
peter at korsgaard.com
Tue Jan 1 15:30:37 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of
> bounds write in dsi_opensess.c. This is due to lack of bounds checking on
> attacker controlled data. A remote unauthenticated attacker can leverage
> this vulnerability to achieve arbitrary code execution.
> For more details, see the release notes:
> http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list