gnupg: security bump to version 1.4.17

Fixes CVE-2014-4617: The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
author: Gustavo Zacarias <gustavo@zacarias.com.ar> 2014-06-25 15:41:54 -0300
committer: Peter Korsgaard <peter@korsgaard.com> 2014-06-25 22:29:53 +0200
commit: 2402634f5a2142202f2b34e206fbebaf58ca1a3c (patch)
tree: f122a12d0be643e98035acab94f29b747e113b14
parent: 2001bf94bf1c23b0b7e5851cf4488971e1cd7b38 (diff)
download: buildroot-2402634f5a2142202f2b34e206fbebaf58ca1a3c.tar.gz
buildroot-2402634f5a2142202f2b34e206fbebaf58ca1a3c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index c334ac64b5..4c969673c1 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG_VERSION = 1.4.16
+GNUPG_VERSION = 1.4.17
 GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
 GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
 GNUPG_LICENSE = GPLv3+
author	Gustavo Zacarias <gustavo@zacarias.com.ar>	2014-06-25 15:41:54 -0300
committer	Peter Korsgaard <peter@korsgaard.com>	2014-06-25 22:29:53 +0200
commit	2402634f5a2142202f2b34e206fbebaf58ca1a3c (patch)
tree	f122a12d0be643e98035acab94f29b747e113b14
parent	2001bf94bf1c23b0b7e5851cf4488971e1cd7b38 (diff)
download	buildroot-2402634f5a2142202f2b34e206fbebaf58ca1a3c.tar.gz buildroot-2402634f5a2142202f2b34e206fbebaf58ca1a3c.zip