mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-05 14:09:53 +03:00
10a31b5be8
- Drop patches (already in version) and so autoreconf - Update COPYING hash (gpl mailing address updated with9bd45cc06e6a5997fbd6) - Fix CVE-2022-43634: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. - Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). - Fix CVE-2023-42464: Validate data type in dalloc_value_for_key() https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit d170cde0272401fd79b0bd100b72da25b2a13e5c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>