Fixes CVE-2017-7555 - Augeas versions up to and including 1.8.0 are
vulnerable to heap-based buffer overflow due to improper handling of escaped
strings. Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a
crash or possible code execution.
[Peter: extend description]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed AUGEAS_PATCH, patch is included in version bump.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Augeas is a configuration editing tool. It parses configuration files in
their native formats and transforms them into a tree. Configuration
changes are made by manipulating this tree and saving it back into
native config files.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Romain Naour <romain.naour@gmail.com>
[Thomas: fix Config.in comment dependency.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
