diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2016-12-19 14:13:24 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2016-12-19 23:14:28 +0100 |
| commit | 738a80e2ebb80f66213d20c53166ffea0f0cc0da (patch) | |
| tree | 7480602fc3542cbb7763c5ac3fc3689a75d2ecd3 /package/python-cssutils/python-cssutils.hash | |
| parent | e9da17dead181483f593cad361e854d6e047679e (diff) | |
| download | buildroot-738a80e2ebb80f66213d20c53166ffea0f0cc0da.tar.gz buildroot-738a80e2ebb80f66213d20c53166ffea0f0cc0da.zip | |
libupnp: add upstream security fix for CVE-2016-8863
Fix out-of-bound access in create_url_list()
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c489cbad775380b4c7586574e3dae8dc67ee9087)
Diffstat (limited to 'package/python-cssutils/python-cssutils.hash')
0 files changed, 0 insertions, 0 deletions

