NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54a5036562
kumquat-buildroot/package/rpm/rpm.hash
Fabrice Fontaine 768152e2a6 package/rpm: security bump to version 4.16.1.3 
- Fix arbitrary data copied from signature header past signature
  checking (CVE-2021-3421)
- Fix signature check bypass with corrupted package (CVE-2021-20271)
- Fix missing bounds checks in headerImport() and headerCheck()
  (CVE-2021-20266)
- Fix missing sanity checks on header entry count and region data
  overlap
- Fix access past end of header if the last entry is string type
- Fix unsafe headerCopyLoad() still used in codebase

Drop all patches (already in version)

https://rpm.org/wiki/Releases/4.16.1.3.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-03 09:09:55 +02:00

6 lines
253 B
Plaintext
Raw Blame History

# From https://rpm.org/wiki/Releases/4.16.1.3.html
sha256 513dc7f972b6e7ccfc9fc7f9c01d5310cc56ee853892e4314fa2cad71478e21d rpm-4.16.1.3.tar.bz2
# Hash for license file
sha256 171d94d9f1641316bff7f157a903237dc69cdb5fca405fed8c832c76ed8370f9 COPYING
Reference in New Issue View Git Blame Copy Permalink