kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Fabrice Fontaine	26a46564f3	package/cereal: fix CVE-2020-11105 Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2021-02-04 18:20:41 +01:00
Fabrice Fontaine	b93d767141	package/cereal: add CEREAL_CPE_ID_VENDOR cpe:2.3🅰️usc:cereal is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2021-01-11 21:55:38 +01:00
Thomas De Schampheleire	ac713c230a	package/cereal: new package Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2019-12-25 22:46:39 +01:00

Author

SHA1

Message

Date

Fabrice Fontaine

26a46564f3

package/cereal: fix CVE-2020-11105

Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
1.3.0. It employs caching of std::shared_ptr values, using the raw
pointer address as a unique identifier. This becomes problematic if an
std::shared_ptr variable goes out of scope and is freed, and a new
std::shared_ptr is allocated at the same address. Serialization fidelity
thereby becomes dependent upon memory layout. In short, serialized
std::shared_ptr variables cannot always be expected to serialize back
into their original values. This can have any number of consequences,
depending on the context within which this manifests.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2021-02-04 18:20:41 +01:00

Fabrice Fontaine

b93d767141

package/cereal: add CEREAL_CPE_ID_VENDOR

cpe:2.3🅰️usc:cereal is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

2021-01-11 21:55:38 +01:00

Thomas De Schampheleire

ac713c230a

package/cereal: new package

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

2019-12-25 22:46:39 +01:00

3 Commits