diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-02-23 07:22:31 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-02-23 09:08:48 +0100 |
| commit | 38d8d86d31147ef83d1d79f67b7ae90e4cefaaea (patch) | |
| tree | bca5f954f0f060baeed602a601b1357db33e2d05 /package/patch/patch.hash | |
| parent | 3b7a59304a9c377b9aec1303d85a60d019b4b9b2 (diff) | |
| download | buildroot-38d8d86d31147ef83d1d79f67b7ae90e4cefaaea.tar.gz buildroot-38d8d86d31147ef83d1d79f67b7ae90e4cefaaea.zip | |
patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.
Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.
This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/patch/patch.hash')
| -rw-r--r-- | package/patch/patch.hash | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/package/patch/patch.hash b/package/patch/patch.hash index d6e3a2d261..917d951a94 100644 --- a/package/patch/patch.hash +++ b/package/patch/patch.hash @@ -1,2 +1,4 @@ # Locally calculated after checking pgp signature -sha256 fd95153655d6b95567e623843a0e77b81612d502ecf78a489a4aed7867caa299 patch-2.7.5.tar.xz +sha256 ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd patch-2.7.6.tar.xz +# Locally calculated +sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING |
