[Buildroot] [PATCH 1/1] package/libxcrypt: security bump to version 4.4.25

Peter Korsgaard peter at korsgaard.com
Mon Sep 13 20:39:31 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix several issues found by Covscan in the testsuite. These include:
 >   - CWE-170: String not null terminated (STRING_NULL)
 >   - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
 >   - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
 >   - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
 >   - CWE-573: Missing varargs init or cleanup (VARARGS)
 >   - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
 > - Update hash of LICENSING due to files being updated with:
 >   https://github.com/besser82/libxcrypt/commit/44e9eb57b462cfbaeb085cea0e308511565f4a12
 >   https://github.com/besser82/libxcrypt/commit/578271c3776a442fa55ac5f5ea83c7dc83ede979

 > https://github.com/besser82/libxcrypt/blob/v4.4.25/NEWS

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list