NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libkrb5: security bump to version 1.18.3

Browse Source 
Fixes the following security issues:

- CVE-2020-28196: MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
  1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
  because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
  lengths lacks a recursion limit.

Also fix .hash file indentation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2020-11-22 00:21:49 +01:00
parent 74cce093b0
commit 9b92253b7a
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libkrb5/libkrb5.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 02a4e700f10936f937cd1a4c303cab8687a11abecc6107bd4b706b9329cd5400 krb5-1.18.1.tar.gz
sha256 e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 krb5-1.18.3.tar.gz
# Hash for license file:
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE
sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE

2
package/libkrb5/libkrb5.mk
View File

@ -5,7 +5,7 @@
################################################################################
LIBKRB5_VERSION_MAJOR = 1.18
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).3
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
LIBKRB5_SUBDIR = src