* [Buildroot] [PATCH] gnupg: security bump to version 1.4.23
@ 2018-06-11 16:08 Baruch Siach
2018-06-11 19:37 ` Peter Korsgaard
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Baruch Siach @ 2018-06-11 16:08 UTC (permalink / raw)
To: buildroot
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/gnupg/gnupg.hash | 4 ++--
package/gnupg/gnupg.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/gnupg/gnupg.hash b/package/gnupg/gnupg.hash
index abd76cde9c5e..3bacdf6563f3 100644
--- a/package/gnupg/gnupg.hash
+++ b/package/gnupg/gnupg.hash
@@ -1,3 +1,3 @@
# Locally computed based on signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
-sha256 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 gnupg-1.4.22.tar.bz2
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.23.tar.bz2.sig
+sha256 c9462f17e651b6507848c08c430c791287cd75491f8b5a8b50c6ed46b12678ba gnupg-1.4.23.tar.bz2
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index 3ff202b709d9..ac9047894d4d 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG_VERSION = 1.4.22
+GNUPG_VERSION = 1.4.23
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPL-3.0+
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] gnupg: security bump to version 1.4.23
2018-06-11 16:08 [Buildroot] [PATCH] gnupg: security bump to version 1.4.23 Baruch Siach
@ 2018-06-11 19:37 ` Peter Korsgaard
2018-06-17 15:52 ` Peter Korsgaard
2018-07-17 7:26 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-06-11 19:37 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Fixes CVE-2018-12020: Unsanitized file names might cause injection of
> terminal control characters into the status output of gnupg.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] gnupg: security bump to version 1.4.23
2018-06-11 16:08 [Buildroot] [PATCH] gnupg: security bump to version 1.4.23 Baruch Siach
2018-06-11 19:37 ` Peter Korsgaard
@ 2018-06-17 15:52 ` Peter Korsgaard
2018-07-17 7:26 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-06-17 15:52 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Fixes CVE-2018-12020: Unsanitized file names might cause injection of
> terminal control characters into the status output of gnupg.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] gnupg: security bump to version 1.4.23
2018-06-11 16:08 [Buildroot] [PATCH] gnupg: security bump to version 1.4.23 Baruch Siach
2018-06-11 19:37 ` Peter Korsgaard
2018-06-17 15:52 ` Peter Korsgaard
@ 2018-07-17 7:26 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-07-17 7:26 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Fixes CVE-2018-12020: Unsanitized file names might cause injection of
> terminal control characters into the status output of gnupg.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.05.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-07-17 7:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-11 16:08 [Buildroot] [PATCH] gnupg: security bump to version 1.4.23 Baruch Siach
2018-06-11 19:37 ` Peter Korsgaard
2018-06-17 15:52 ` Peter Korsgaard
2018-07-17 7:26 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.