* [Buildroot] [git commit] package/unzip: update security patches from Debian
@ 2022-09-17 14:46 Thomas Petazzoni
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2022-09-17 14:46 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=7c39958ba1ad9f0b760c72004ceb445e72d7ef86
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes CVE-2022-0529 and CVE-2022-0530.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
package/unzip/unzip.hash | 2 +-
package/unzip/unzip.mk | 10 ++++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/package/unzip/unzip.hash b/package/unzip/unzip.hash
index 8b3f275533..bbf4f7d71f 100644
--- a/package/unzip/unzip.hash
+++ b/package/unzip/unzip.hash
@@ -1,6 +1,6 @@
# From https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip/unzip_6.0-26.dsc
sha256 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 unzip_6.0.orig.tar.gz
-sha256 88cb7c0f1fd13252b662dfd224b64b352f9e75cd86389557fcb23fa6d2638599 unzip_6.0-26.debian.tar.xz
+sha256 67bde7c71d52afd61aa936d4415c8d12fd90ca26e9637a3cd67cae9b71298c12 unzip_6.0-27.debian.tar.xz
# Locally computed:
sha256 7469b81d5d29ac4fd670f7c86ba0cb9fa34f137a2d4d5198437d92ddf918984b LICENSE
diff --git a/package/unzip/unzip.mk b/package/unzip/unzip.mk
index e8c9366a1b..44cc2013fb 100644
--- a/package/unzip/unzip.mk
+++ b/package/unzip/unzip.mk
@@ -6,13 +6,13 @@
UNZIP_VERSION = 6.0
UNZIP_SOURCE = unzip_$(UNZIP_VERSION).orig.tar.gz
-UNZIP_PATCH = unzip_$(UNZIP_VERSION)-26.debian.tar.xz
-UNZIP_SITE = https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip
+UNZIP_PATCH = unzip_$(UNZIP_VERSION)-27.debian.tar.xz
+UNZIP_SITE = https://snapshot.debian.org/archive/debian/20220916T090657Z/pool/main/u/unzip
UNZIP_LICENSE = Info-ZIP
UNZIP_LICENSE_FILES = LICENSE
UNZIP_CPE_ID_VENDOR = unzip_project
-# unzip_$(UNZIP_VERSION)-26.debian.tar.xz has patches to fix:
+# unzip_$(UNZIP_VERSION)-27.debian.tar.xz has patches to fix:
UNZIP_IGNORE_CVES = \
CVE-2014-8139 \
CVE-2014-8140 \
@@ -24,6 +24,8 @@ UNZIP_IGNORE_CVES = \
CVE-2016-9844 \
CVE-2018-18384 \
CVE-2018-1000035 \
- CVE-2019-13232
+ CVE-2019-13232 \
+ CVE-2022-0529 \
+ CVE-2022-0530
$(eval $(cmake-package))
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-09-17 14:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-17 14:46 [Buildroot] [git commit] package/unzip: update security patches from Debian Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.