[1/1] package/rabbitmq-c: security bump to version 0.10.0

Message ID 20191202175547.1306922-1-fontaine.fabrice@gmail.com
State Accepted
Series [1/1] package/rabbitmq-c: security bump to version 0.10.0

Commit Message

Fabrice Fontaine Dec. 2, 2019, 5:55 p.m. UTC
Add additional input validation to prevent integer overflow when parsing
a frame header. This addresses CVE-2019-18609.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/rabbitmq-c/rabbitmq-c.hash | 2 +-
 package/rabbitmq-c/rabbitmq-c.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard Dec. 2, 2019, 9:23 p.m. UTC | #1
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Add additional input validation to prevent integer overflow when parsing
 > a frame header. This addresses CVE-2019-18609.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

Peter Korsgaard Dec. 6, 2019, 8:46 a.m. UTC | #2
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Add additional input validation to prevent integer overflow when parsing
 > a frame header. This addresses CVE-2019-18609.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2019.02.x and 2019.08.x, thanks.

Patch

diff --git a/package/rabbitmq-c/rabbitmq-c.hash b/package/rabbitmq-c/rabbitmq-c.hash
index 19fd1cf064..eb57626518 100644
--- a/package/rabbitmq-c/rabbitmq-c.hash
+++ b/package/rabbitmq-c/rabbitmq-c.hash
@@ -1,3 +1,3 @@ 
 # Locally calculated
-sha256 316c0d156452b488124806911a62e0c2aa8a546d38fc8324719cd29aaa493024 rabbitmq-c-0.9.0.tar.gz
+sha256 6455efbaebad8891c59f274a852b75b5cc51f4d669dfc78d2ae7e6cc97fcd8c0 rabbitmq-c-0.10.0.tar.gz
 sha256 94a12c906acb31a66c2c8a6c1b6e46cab52bc5694c5ada2a06d86b05d3d3f422 LICENSE-MIT
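
Review bot: The new sha256 on the rabbitmq-c-0.10.0.tar.gz line is recorded only under "# Locally calculated", so a reviewer cannot cross-check it against anything in this patch. For a security bump, consider stating in the commit message how the tarball was fetched and hashed (the .mk pulls it through the github helper from the v$(RABBITMQ_C_VERSION) tag), so a second person can reproduce the digest before it is relied on. The unchanged LICENSE-MIT hash is consistent with the license file being identical in 0.10.0.
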
diff --git a/package/rabbitmq-c/rabbitmq-c.mk b/package/rabbitmq-c/rabbitmq-c.mk
index 63e05099d9..e059ff706c 100644
--- a/package/rabbitmq-c/rabbitmq-c.mk
+++ b/package/rabbitmq-c/rabbitmq-c.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-RABBITMQ_C_VERSION = 0.9.0
+RABBITMQ_C_VERSION = 0.10.0
 RABBITMQ_C_SITE = $(call github,alanxz,rabbitmq-c,v$(RABBITMQ_C_VERSION))
 RABBITMQ_C_LICENSE = MIT
 RABBITMQ_C_LICENSE_FILES = LICENSE-MIT
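
Review bot: The commit message documents only the CVE-2019-18609 fix, while the change on the RABBITMQ_C_VERSION line moves from 0.9.0 to 0.10.0, a full release step rather than an isolated patch. Since this was also committed to 2019.02.x and 2019.08.x, suggest the commit message link the upstream release notes or state that nothing else in 0.10.0 affects packages depending on rabbitmq-c, so the backport can be judged on more than the security fix.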