* [Buildroot] [git commit] package/hiredis: security bump to version 1.0.2
@ 2021-10-18 19:18 Thomas Petazzoni
  0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2021-10-18 19:18 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=9e092ba253414479c48a283517a2bd66abb6a8bf
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the
Redis database. In affected versions Hiredis is vulnerable to integer
overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk`
protocol data. When parsing `multi-bulk` (array-like) replies, hiredis
fails to check if `count * sizeof(redisReply*)` can be represented in
`SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make
this check, it would result in a short allocation and subsequent buffer
overflow.

https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/hiredis/hiredis.hash | 2 +-
 package/hiredis/hiredis.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/hiredis/hiredis.hash b/package/hiredis/hiredis.hash
index fc01d1f60d..a45cf68f99 100644
--- a/package/hiredis/hiredis.hash
+++ b/package/hiredis/hiredis.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  2a0b5fe5119ec973a0c1966bfc4bd7ed39dbce1cb6d749064af9121fe971936f  hiredis-1.0.0.tar.gz
+sha256  e0ab696e2f07deb4252dda45b703d09854e53b9703c7d52182ce5a22616c3819  hiredis-1.0.2.tar.gz
 sha256  dca05ce8fc87a8261783b4aed0deef8becc9350b6aa770bc714d0c1833b896eb  COPYING
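Review bot: the new sha256 on the hiredis-1.0.2.tar.gz line still sits under the "# Locally computed:" comment, so nothing in this file lets a second person check the digest against an independent source. Since this is a security bump, please re-download the v1.0.2 tarball and confirm the value before applying; if upstream publishes no checksum or signature, a short remark in the commit log saying so would make that explicit. The COPYING hash is unchanged, which matches the untouched license lines in hiredis.mk.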
diff --git a/package/hiredis/hiredis.mk b/package/hiredis/hiredis.mk
index f340fb8a4d..a571951fa3 100644
--- a/package/hiredis/hiredis.mk
+++ b/package/hiredis/hiredis.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 HIREDIS_VERSION_MAJOR = 1.0
-HIREDIS_VERSION = $(HIREDIS_VERSION_MAJOR).0
+HIREDIS_VERSION = $(HIREDIS_VERSION_MAJOR).2
 HIREDIS_SITE = $(call github,redis,hiredis,v$(HIREDIS_VERSION))
 HIREDIS_LICENSE = BSD-3-Clause
 HIREDIS_LICENSE_FILES = COPYING
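Review bot: on the HIREDIS_VERSION line the suffix goes from .0 straight to .2, but the commit message only describes the CVE-2021-32765 fix and points at the changelog for everything else. A sentence in the log stating what 1.0.1 and 1.0.2 change besides the fix (or that they change nothing else) would help anyone judging whether this bump can go to a maintenance branch as-is.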
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
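The missing check described in the commit message, sketched as an added example; this is not code from the original message or from hiredis. `struct reply`, `count_fits`, `alloc_elements` and the other names are hypothetical, and the counts are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for redisReply; only the pointer size matters here. */
struct reply;

/* The unchecked product: size_t arithmetic wraps modulo SIZE_MAX + 1. */
static size_t unchecked_bytes(size_t count) {
    return count * sizeof(struct reply *);
}

/* Constructed input: smallest element count whose byte size exceeds SIZE_MAX. */
static size_t first_overflowing_count(void) {
    return SIZE_MAX / sizeof(struct reply *) + 1;
}

/* 1 if count * sizeof(struct reply *) is representable in size_t, else 0. */
static int count_fits(size_t count) {
    return count <= SIZE_MAX / sizeof(struct reply *);
}

/* Allocate the element array for a multi-bulk reply; refuse counts whose
 * byte size would wrap instead of relying on calloc() to notice. */
static struct reply **alloc_elements(size_t count) {
    if (!count_fits(count))
        return NULL;
    return calloc(count, sizeof(struct reply *));
}

int main(void) {
    size_t bad = first_overflowing_count() + 1;

    /* Without the check, a huge count asks for only a few bytes. */
    printf("count=%zu unchecked bytes=%zu fits=%d\n",
           bad, unchecked_bytes(bad), count_fits(bad));

    struct reply **ok = alloc_elements(4);
    printf("count=4 allocated=%s\n", ok ? "yes" : "no");
    free(ok);

    printf("count=%zu allocated=%s\n",
           bad, alloc_elements(bad) ? "yes" : "no");
    return 0;
}
```

With the wrapped size, a parser that then stores `count` element pointers writes far past the allocation, which is the buffer overflow the advisory text refers to.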
