From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.3
Date: Wed, 17 Jun 2020 21:56:54 +0200 [thread overview]
Message-ID: <20200617195654.39410-1-fontaine.fabrice@gmail.com> (raw)
- Fix CVE-2020-12740: tcprewrite in Tcpreplay through 4.3.2 has a
heap-based buffer over-read during a get_c operation. The issue is
being triggered in the function get_ipv6_next() at common/get.c.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/tcpreplay/tcpreplay.hash | 6 +++---
package/tcpreplay/tcpreplay.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/tcpreplay/tcpreplay.hash b/package/tcpreplay/tcpreplay.hash
index cc00bc09b1..e83efd78b1 100644
--- a/package/tcpreplay/tcpreplay.hash
+++ b/package/tcpreplay/tcpreplay.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://github.com/appneta/tcpreplay/releases/download/v4.3.2/tcpreplay-4.3.2.tar.xz.asc
+# https://github.com/appneta/tcpreplay/releases/download/v4.3.3/tcpreplay-4.3.3.tar.xz.asc
# using key 84E4FA215C934A7D97DC76D5E9E2149793BDE17E
-sha256 955aed6a40f49a5b8c1234fd0a928edc5c665d94b7755ab5769c30938e33f380 tcpreplay-4.3.2.tar.xz
-sha256 5971b0c544622f4b210a9cc56436a970685d3b0666e373c09e3cf9304db15d05 docs/LICENSE
+sha256 5e960e2a4432f583adbd11fa0855d17b73d9e0f2d6453b749f27aacaee53bab5 tcpreplay-4.3.3.tar.xz
+sha256 5971b0c544622f4b210a9cc56436a970685d3b0666e373c09e3cf9304db15d05 docs/LICENSE
diff --git a/package/tcpreplay/tcpreplay.mk b/package/tcpreplay/tcpreplay.mk
index 39d0f44343..8b395b4962 100644
--- a/package/tcpreplay/tcpreplay.mk
+++ b/package/tcpreplay/tcpreplay.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TCPREPLAY_VERSION = 4.3.2
+TCPREPLAY_VERSION = 4.3.3
TCPREPLAY_SITE = https://github.com/appneta/tcpreplay/releases/download/v$(TCPREPLAY_VERSION)
TCPREPLAY_SOURCE = tcpreplay-$(TCPREPLAY_VERSION).tar.xz
TCPREPLAY_LICENSE = GPL-3.0
--
2.26.2
next reply other threads:[~2020-06-17 19:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 19:56 Fabrice Fontaine [this message]
2020-06-17 20:00 ` [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.3 Thomas Petazzoni
2020-07-15 19:40 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200617195654.39410-1-fontaine.fabrice@gmail.com \
--to=fontaine.fabrice@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.