kumquat-buildroot/package/connman
Fabrice Fontaine 2f2b4c80f4 package/connman: fix CVE-2022-3229{2,3}
Fix CVE-2022-32292: In ConnMan through 1.41, remote attackers able to
send HTTP requests to the gweb component are able to exploit a
heap-based buffer overflow in received_data to execute code.

Fix CVE-2022-32293: In ConnMan through 1.41, a man-in-the-middle attack
against a WISPR HTTP query could be used to trigger a use-after-free in
WISPR handling, leading to crashes or code execution.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-12-10 09:18:48 +01:00
..
0001-gweb-Fix-OOB-write-in-received_data.patch package/connman: fix CVE-2022-3229{2,3} 2022-12-10 09:18:48 +01:00
0002-wispr-Add-reference-counter-to-portal-context.patch package/connman: fix CVE-2022-3229{2,3} 2022-12-10 09:18:48 +01:00
0003-wispr-Update-portal-context-references.patch package/connman: fix CVE-2022-3229{2,3} 2022-12-10 09:18:48 +01:00
Config.in
connman.hash
connman.mk package/connman: fix CVE-2022-3229{2,3} 2022-12-10 09:18:48 +01:00
S45connman