
package/zeromq: security bump to version 4.3.2

Fixes the following security issue:

CVE-2019-13132: a remote, unauthenticated client connecting to a
libzmq application, running with a socket listening with CURVE
encryption/authentication enabled, may cause a stack overflow and
overwrite the stack with arbitrary data, due to a buffer overflow in
the library. Users running public servers with the above configuration
are highly encouraged to upgrade as soon as possible, as there are no
known mitigations. All versions from 4.0.0 and upwards are affected.
Thank you Fang-Pen Lin for finding the issue and reporting it!

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: mention security impact]
(cherry picked from commit 45e5cd5a2bab8502f0752b565c2ae77fd154a40f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf Kahlon, 6 years ago
Parent
Current commit
8e01d65f61
2 files changed, 3 insertions and 3 deletions
  1. package/zeromq/zeromq.hash (2 insertions, 2 deletions)
  2. package/zeromq/zeromq.mk (1 insertion, 1 deletion)

+ 2 - 2
package/zeromq/zeromq.hash

@@ -1,6 +1,6 @@
 # From https://github.com/zeromq/libzmq/releases
-md5  64cbf3577afdbfda30358bc757a6ac83  zeromq-4.3.1.tar.gz
-sha1 6cce22d830eaf95feff7cab00744df13ad7ab7f3  zeromq-4.3.1.tar.gz
+md5  2047e917c2cc93505e2579bcba67a573 zeromq-4.3.2.tar.gz
+sha1 e5253bff214f77621b3d29443f1aa6e5a106ffe5  zeromq-4.3.2.tar.gz
 # Locally computed
 sha256 bcbabe1e2c7d0eec4ed612e10b94b112dd5f06fcefa994a0c79a45d835cd21eb  zeromq-4.3.1.tar.gz
 sha256 4fd86507c9b486764343065a9e035222869a27b5789efeb4fd93edc85412d7a3  COPYING
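
Review bot: the "Locally computed" sha256 line left as unchanged context still names zeromq-4.3.1.tar.gz with the old digest, so the hash file has no sha256 entry for the 4.3.2 tarball and the new download is matched only by the md5 and sha1 lines, both weak for verifying a security-fix release. Replace that line with a locally computed sha256 for zeromq-4.3.2.tar.gz in the same change. Minor style point: the added md5 line has a single space before the file name where the other entries use two.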

+ 1 - 1
package/zeromq/zeromq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ZEROMQ_VERSION = 4.3.1
+ZEROMQ_VERSION = 4.3.2
 ZEROMQ_SITE = https://github.com/zeromq/libzmq/releases/download/v$(ZEROMQ_VERSION)
 ZEROMQ_INSTALL_STAGING = YES
 ZEROMQ_DEPENDENCIES = util-linux