From cb2d0c50e63383768fad45e4fae17a84b620e59a Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 4 Mar 2023 14:53:41 +0100 Subject: [PATCH] package/exfat-utils: security bump to version 1.4.0 Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. https://github.com/relan/exfat/releases/tag/v1.4.0 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard (cherry picked from commit d7085ab3eaeb05fedefdb862efe78ad85ab80187) Signed-off-by: Peter Korsgaard --- package/exfat-utils/exfat-utils.hash | 2 +- package/exfat-utils/exfat-utils.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/exfat-utils/exfat-utils.hash b/package/exfat-utils/exfat-utils.hash index 6c6e09ccf0..b4ed8bc568 100644 --- a/package/exfat-utils/exfat-utils.hash +++ b/package/exfat-utils/exfat-utils.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 dfebd07a7b907e2d603d3a9626e6440bd43ec6c4e8c07ccfc57ce9502b724835 exfat-utils-1.3.0.tar.gz +sha256 241575fa93104406a47e79e53e4d907bae69886f11621f70a45276c62b75bf69 exfat-utils-1.4.0.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/exfat-utils/exfat-utils.mk b/package/exfat-utils/exfat-utils.mk index fa471952f2..c02cefb0c5 100644 --- a/package/exfat-utils/exfat-utils.mk +++ b/package/exfat-utils/exfat-utils.mk @@ -4,7 +4,7 @@ # ################################################################################ -EXFAT_UTILS_VERSION = 1.3.0 +EXFAT_UTILS_VERSION = 1.4.0 EXFAT_UTILS_SITE = https://github.com/relan/exfat/releases/download/v$(EXFAT_UTILS_VERSION) EXFAT_UTILS_LICENSE = GPL-2.0+ EXFAT_UTILS_LICENSE_FILES = COPYING