[Buildroot] [PATCH v1 1/2] package/busybox: udhcp CVE-2018-20679 patch
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu Mar 7 21:10:29 UTC 2019
On Wed, 6 Mar 2019 08:22:30 -0600
jared.bents at rockwellcollins.com wrote:
> From: Jared Bents <jared.bents at rockwellcollins.com>
>
> Patch to resolve CVE-2018-20679 which affects versions prior
> to 1.30.0
>
> More information can be found at:
> https://nvd.nist.gov/vuln/detail/CVE-2018-20679
>
> This applies to both master and 2019.02
>
> Signed-off-by: Jared Bents <jared.bents at rockwellcollins.com>
> ---
> ...tions-are-indeed-4-byte-closes-11506.patch | 136 ++++++++++++++++++
> 1 file changed, 136 insertions(+)
> create mode 100644 package/busybox/0004-udhcpc-check-that-4-byte-options-are-indeed-4-byte-closes-11506.patch
I've applied both to master, because it makes them to have them to
backport to 2019.02. However, for master, a followup patch doing an
update to 1.30.1 would be good.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list