rsync: add upstream security fix for CVE-2017-16548 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-12-19 12:56:28 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2017-12-19 21:50:52 +0100
commit	7f33f1d848908975b513f852873ae4fdb2702183 (patch)
tree	2e1380836e3fa782dfbecaac398bc0ed40d9c8ae /package/json-c/json-c.mk
parent	d4e3441a1c61570be580724ec48132879e8c7dc8 (diff)
download	buildroot-7f33f1d848908975b513f852873ae4fdb2702183.tar.gz buildroot-7f33f1d848908975b513f852873ae4fdb2702183.zip

rsync: add upstream security fix for CVE-2017-16548

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. For more details, see: https://bugzilla.samba.org/show_bug.cgi?id=13112 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/json-c/json-c.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: