[Buildroot] [PATCH v2 1/2] package/glibc: bump version for additional post-2.30 security fixes

Peter Korsgaard peter at korsgaard.com
Tue May 12 11:58:07 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security vulnerabilities:
 > CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
 >   corruption when they were passed a pseudo-zero argument.  Reported by Guido
 >   Vranken / ForAllSecure Mayhem.

 > CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
 >   out-of-bounds write when executed in a signal frame context.

 > CVE-2020-1752: A use-after-free vulnerability in the glob function when
 >   expanding ~user has been fixed.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list