From: Armin Kuster <[email protected]> This update includes: CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd
libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens. Upstream has released version 0.8.2 to fix this. Signed-off-by: Armin Kuster <[email protected]> --- meta/recipes-support/libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/libbsd/{libbsd_0.8.1.bb => libbsd_0.8.2.bb} (91%) diff --git a/meta/recipes-support/libbsd/libbsd_0.8.1.bb b/meta/recipes-support/libbsd/libbsd_0.8.2.bb similarity index 91% rename from meta/recipes-support/libbsd/libbsd_0.8.1.bb rename to meta/recipes-support/libbsd/libbsd_0.8.2.bb index 45420d5..3335386 100644 --- a/meta/recipes-support/libbsd/libbsd_0.8.1.bb +++ b/meta/recipes-support/libbsd/libbsd_0.8.2.bb @@ -37,7 +37,7 @@ SRC_URI = " \ http://libbsd.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ " -SRC_URI[md5sum] = "f3daff0283af6e30f25d68be2deac4ef" -SRC_URI[sha256sum] = "adbc8781ad720bce939b689f38a9f0247732a36792147a7c28027c393c2af9b0" +SRC_URI[md5sum] = "cdee252ccff978b50ad2336278c506c9" +SRC_URI[sha256sum] = "b2f644cae94a6e2fe109449c20ad79a0f6ee4faec2205b07eefa0020565e250a" inherit autotools pkgconfig -- 2.3.5 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
