From 922fb6ac852af6ba7cb13c93ed361c8adaa668fb Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Fri, 26 Aug 2022 23:34:47 +0200 Subject: [PATCH] package/v4l2loopback: security bump to version 0.12.7 Fix CVE-2022-2652: Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog Signed-off-by: Fabrice Fontaine Signed-off-by: Yann E. MORIN --- package/v4l2loopback/v4l2loopback.hash | 2 +- package/v4l2loopback/v4l2loopback.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/v4l2loopback/v4l2loopback.hash b/package/v4l2loopback/v4l2loopback.hash index f4491e02d0..d897fd48ff 100644 --- a/package/v4l2loopback/v4l2loopback.hash +++ b/package/v4l2loopback/v4l2loopback.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 e152cd6df6a8add172fb74aca3a9188264823efa5a2317fe960d45880b9406ae v4l2loopback-0.12.5.tar.gz +sha256 e0782b8abe8f2235e2734f725dc1533a0729e674c4b7834921ade43b9f04939b v4l2loopback-0.12.7.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk index 6ee4b69ef9..84e1927ce3 100644 --- a/package/v4l2loopback/v4l2loopback.mk +++ b/package/v4l2loopback/v4l2loopback.mk @@ -4,7 +4,7 @@ # ################################################################################ -V4L2LOOPBACK_VERSION = 0.12.5 +V4L2LOOPBACK_VERSION = 0.12.7 V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION)) V4L2LOOPBACK_LICENSE = GPL-2.0+ V4L2LOOPBACK_LICENSE_FILES = COPYING