libzip: security bump to version 1.3.0 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-09-07 23:21:33 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2017-09-08 11:16:56 +0200
commit	f77fb7b585b76b9c544b21fc3bf080660a54cb7b (patch)
tree	0d51ae7f154f89bfc7986abc54748580187144b9 /package/python-ipython/python-ipython.mk
parent	0e19178c53f6f9fd886d02f4be19c73743ad30a5 (diff)
download	buildroot-f77fb7b585b76b9c544b21fc3bf080660a54cb7b.tar.gz buildroot-f77fb7b585b76b9c544b21fc3bf080660a54cb7b.zip

libzip: security bump to version 1.3.0

Fixes the following security issues: CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. For more details, see https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/ https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ libzip-1.3.0 also adds optional bzip2 support, so handle that. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/python-ipython/python-ipython.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: