* [Buildroot] [PATCH 1/1] package/json-c: security bump to version 0.15
@ 2020-08-27 17:26 Fabrice Fontaine
  2020-08-27 21:10 ` Thomas Petazzoni
  2020-08-28 17:44 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-08-27 17:26 UTC (permalink / raw)
  To: buildroot

Fix CVE-2020-12762: json-c through 0.14 has an integer overflow and
out-of-bounds write via a large JSON file, as demonstrated by
printbuf_memappend.

Also update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/json-c/json-c.hash | 4 ++--
 package/json-c/json-c.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/json-c/json-c.hash b/package/json-c/json-c.hash
index 93eaff67c3..a20d370eb0 100644
--- a/package/json-c/json-c.hash
+++ b/package/json-c/json-c.hash
@@ -1,4 +1,4 @@
 # From https://github.com/json-c/json-c/wiki
-sha256 b377de08c9b23ca3b37d9a9828107dff1de5ce208ff4ebb35005a794f30c6870  json-c-0.14.tar.gz
+sha256  b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6  json-c-0.15.tar.gz
 # Locally calculated
-sha256 74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c  COPYING
+sha256  74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c  COPYING
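Review bot: the COPYING line in this hunk changes only the spacing after "sha256" (one space to two) while the hash value itself is unchanged, so it is a cosmetic edit riding along with a security fix. Consider moving the indentation cleanup to its own patch so the security bump stays minimal when it is cherry-picked to stable branches. On the json-c-0.15.tar.gz line, the retained comment "# From https://github.com/json-c/json-c/wiki" is the only provenance for the new tarball hash; please confirm the 0.15 value is the one published there and not a locally computed one, otherwise it belongs under "# Locally calculated".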
diff --git a/package/json-c/json-c.mk b/package/json-c/json-c.mk
index 3e17effdad..5e27c9b23b 100644
--- a/package/json-c/json-c.mk
+++ b/package/json-c/json-c.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JSON_C_VERSION = 0.14
+JSON_C_VERSION = 0.15
 JSON_C_SITE = https://s3.amazonaws.com/json-c_releases/releases
 JSON_C_INSTALL_STAGING = YES
 JSON_C_LICENSE = MIT
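Review bot: the JSON_C_VERSION line is the entire fix, so this pulls in everything that changed between 0.14 and 0.15, not only the CVE-2020-12762 correction. The commit message should reference the upstream fix or the 0.15 release notes so that anyone applying this to a stable branch can judge whether the full bump or a backported patch is the better fit. Note also that JSON_C_SITE (unchanged context here) downloads from an S3 bucket while the hash file cites the GitHub wiki as the hash source; a line in the commit message stating that the tarball fetched from this site was checked against that hash would close the gap.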
-- 
2.28.0


* [Buildroot] [PATCH 1/1] package/json-c: security bump to version 0.15
  2020-08-27 17:26 [Buildroot] [PATCH 1/1] package/json-c: security bump to version 0.15 Fabrice Fontaine
@ 2020-08-27 21:10 ` Thomas Petazzoni
  2020-08-28 17:44 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2020-08-27 21:10 UTC (permalink / raw)
  To: buildroot

On Thu, 27 Aug 2020 19:26:44 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Fix CVE-2020-12762: json-c through 0.14 has an integer overflow and
> out-of-bounds write via a large JSON file, as demonstrated by
> printbuf_memappend.
> 
> Also update indentation in hash file (two spaces)
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/json-c/json-c.hash | 4 ++--
>  package/json-c/json-c.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* [Buildroot] [PATCH 1/1] package/json-c: security bump to version 0.15
  2020-08-27 17:26 [Buildroot] [PATCH 1/1] package/json-c: security bump to version 0.15 Fabrice Fontaine
  2020-08-27 21:10 ` Thomas Petazzoni
@ 2020-08-28 17:44 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-08-28 17:44 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2020-12762: json-c through 0.14 has an integer overflow and
 > out-of-bounds write via a large JSON file, as demonstrated by
 > printbuf_memappend.

 > Also update indentation in hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard
