<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch, branch 2017.11.2</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.11.2'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-09-22T15:36:42+00:00</updated>
<entry>
<title>libidn: add fix for CVE-2017-14062</title>
<updated>2017-09-22T15:36:42+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-09-15T04:40:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=49cb795f7965328ce7a57cbc3736b0fc03919fe7'/>
<id>urn:sha1:49cb795f7965328ce7a57cbc3736b0fc03919fe7</id>
<content type='text'>
Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
