kumquat-buildroot/package/cereal
Fabrice Fontaine 26a46564f3 package/cereal: fix CVE-2020-11105
Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
1.3.0. It employs caching of std::shared_ptr values, using the raw
pointer address as a unique identifier. This becomes problematic if an
std::shared_ptr variable goes out of scope and is freed, and a new
std::shared_ptr is allocated at the same address. Serialization fidelity
thereby becomes dependent upon memory layout. In short, serialized
std::shared_ptr variables cannot always be expected to serialize back
into their original values. This can have any number of consequences,
depending on the context within which this manifests.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-04 18:20:41 +01:00
..
0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
cereal.hash
cereal.mk
Config.in