kumquat-buildroot/package/glibc
Peter Korsgaard 1983d2e6a3 package/{glibc, localedef}: security bump for additional post-2.34.x fixes
Fixes the following security issues:

  CVE-2022-23219: Passing an overlong file name to the clnt_create
  legacy function could result in a stack-based buffer overflow when
  using the "unix" protocol.  Reported by Martin Sebor.

  CVE-2022-23218: Passing an overlong file name to the svcunix_create
  legacy function could result in a stack-based buffer overflow.

  CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
  function could result in a memory leak and potential access of
  uninitialized memory.  Reported by Qualys.

  CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
  function may result in an off-by-one buffer underflow and overflow
  when the current working directory is longer than PATH_MAX and also
  corresponds to the / directory through an unprivileged mount
  namespace.  Reported by Qualys.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-05 13:51:09 +01:00
..
2.34-109-gd64b08d5ba7ffbc9155630f4843cf2e271b1629c
Config.in
glibc.hash
glibc.mk
nsswitch.conf