package/libksba: security bump to version 1.6.2

A severe bug has been found in Libksba , the library used by GnuPG for parsing the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba before 1.6.2 and may be used for remote code execution. Fix CVE-2022-3515 Signed-off-by: Michael Fischer <mf@go-sys.de> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-15 17:27:05 +01:00 · 2022-11-15 17:27:05 +01:00 · 9c0311220f
commit 9c0311220f
parent 8fa2ff2857
2 changed files with 2 additions and 2 deletions
--- a/package/libksba/libksba.hash
+++ b/package/libksba/libksba.hash
@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b  libksba-1.6.0.tar.bz2
+sha256  fce01ccac59812bddadffacff017dac2e4762bdb6ebc6ffe06f6ed4f6192c971  libksba-1.6.2.tar.bz2

 # Hash for license files:
 sha256  8f1b87e551d97b2b23b6d3403a5d598c63ea89824cb8ee351f631f6cab2beaa5  AUTHORS
--- a/package/libksba/libksba.mk
+++ b/package/libksba/libksba.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBKSBA_VERSION = 1.6.0
+LIBKSBA_VERSION = 1.6.2
 LIBKSBA_SOURCE = libksba-$(LIBKSBA_VERSION).tar.bz2
 LIBKSBA_SITE = ftp://ftp.gnupg.org/gcrypt/libksba
 LIBKSBA_LICENSE = LGPL-3.0+ or GPL-2.0+ (library, headers), GPL-3.0+ (manual, tests, build system)