summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBaruch Siach <baruch@tkos.co.il>2018-06-11 19:08:43 +0300
committerPeter Korsgaard <peter@korsgaard.com>2018-06-11 21:36:52 +0200
commit0647268416ecf5c50741838fae4fc48b1c0750be (patch)
tree1b2c70d347c06dc4c37dcc76fdf2c021ad087e5a
parentb78a365b56eeb57030b8e3ca98c23dddfc416820 (diff)
downloadbuildroot-0647268416ecf5c50741838fae4fc48b1c0750be.tar.gz
buildroot-0647268416ecf5c50741838fae4fc48b1c0750be.zip
gnupg: security bump to version 1.4.23
Fixes CVE-2018-12020: Unsanitized file names might cause injection of terminal control characters into the status output of gnupg. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat
-rw-r--r--package/gnupg/gnupg.hash4
-rw-r--r--package/gnupg/gnupg.mk2
2 files changed, 3 insertions, 3 deletions
diff --git a/package/gnupg/gnupg.hash b/package/gnupg/gnupg.hash
index abd76cde9c..3bacdf6563 100644
--- a/package/gnupg/gnupg.hash
+++ b/package/gnupg/gnupg.hash
@@ -1,3 +1,3 @@
# Locally computed based on signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
-sha256 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 gnupg-1.4.22.tar.bz2
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.23.tar.bz2.sig
+sha256 c9462f17e651b6507848c08c430c791287cd75491f8b5a8b50c6ed46b12678ba gnupg-1.4.23.tar.bz2
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index 3ff202b709..ac9047894d 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG_VERSION = 1.4.22
+GNUPG_VERSION = 1.4.23
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPL-3.0+
OpenPOWER on IntegriCloud