[Buildroot] [PATCH] tcpreplay: security bump to version 4.3.1

Peter Korsgaard peter at korsgaard.com
Thu Jan 24 11:30:38 UTC 2019


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Upstream CHANGELOG entry for 4.3.0 lists these fixes:
 >     - CVE-2018-18408 use-after-free in post_args (#489)
 >     - CVE-2018-18407 heap-buffer-overflow csum_replace4 (#488)
 >     - CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
 >     - CVE-2018-17580 heap-buffer-overflow fast_edit_packet (#485)
 >     - CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
 > 	- CVE-2018-13112 heap-buffer-overflow in get_l2len (#477 dup #408)

 > Drop tr_cv_libpcap_version and ac_cv_have_bpf; unused in current
 > configure script.

 > Make configure script use pcap-config to list library dependencies.
 > Unfortunately, pcap-config is not entirely correct, so we still need to
 > set the LIBS variable for static linking.

 > Use the smaller tar.xz archive.

 > Add license file hash.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed to 2018.02.x and 2018.11.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list