[1/1] package/exfat-utils: security bump to version 1.4.0

Message ID	20230304135341.25447-1-fontaine.fabrice@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Fabrice Fontaine <fontaine.fabrice@gmail.com> To: buildroot@buildroot.org Date: Sat, 4 Mar 2023 14:53:41 +0100 Message-Id: <20230304135341.25447-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677938025; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=47IRhhWNXUCEVZJJMwcWfUmXhgeiVojGe1iBX1zT+Cw=; b=bzXPN8G1xnL9GHPqzLa2i7o/P0ESJXZzX/Zt5euV8az3Vwklel9JpQIZPVsU3iqd9W 3uNN0RQPRF+kEiZEMAvXDMY//q6MPtC/kADVPgFvRJbXmaW1UMnknzUBG61rgw+Hhra9 CKkjI04cLwnkhBIes3GFMlu3J4ew15HsygTvVyj6wj3jBJb31BdU/2L5Fh71Qq+sfsKQ cMLG6DEmVIVYUnPc/DRTSK4u5VStlLNYYjpL7ZkHLw5MAp4h2I2wOQz7mYJhw7QWApsD uizs/pCNKZHKz4gYKpJhBemmwi9a3j2yPICAkEpbD8dQoEtadx6p8npIkGiaA03ZcQL2 nqHA== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=bzXPN8G1 Subject: [Buildroot] [PATCH 1/1] package/exfat-utils: security bump to version 1.4.0 Precedence: list Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/exfat-utils: security bump to version 1.4.0 \| expand [1/1] package/exfat-utils: security bump to version 1.4.0

Message ID

20230304135341.25447-1-fontaine.fabrice@gmail.com

State

Accepted

Headers

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Sat,  4 Mar 2023 14:53:41 +0100
Message-Id: <20230304135341.25447-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20210112 header.b=bzXPN8G1
Subject: [Buildroot] [PATCH 1/1] package/exfat-utils: security bump to
 version 1.4.0
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/exfat-utils: security bump to version 1.4.0 | expand

Commit Message

Fabrice Fontaine March 4, 2023, 1:53 p.m. UTC

Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
sensitive information (data from deleted files in the filesystem) in
certain situations involving offsets beyond ValidDataLength.

https://github.com/relan/exfat/releases/tag/v1.4.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/exfat-utils/exfat-utils.hash | 2 +-
 package/exfat-utils/exfat-utils.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard March 5, 2023, 2:25 p.m. UTC | #1

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
 > sensitive information (data from deleted files in the filesystem) in
 > certain situations involving offsets beyond ValidDataLength.

 > https://github.com/relan/exfat/releases/tag/v1.4.0

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

Peter Korsgaard March 15, 2023, 1:04 p.m. UTC | #2

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
 > sensitive information (data from deleted files in the filesystem) in
 > certain situations involving offsets beyond ValidDataLength.

 > https://github.com/relan/exfat/releases/tag/v1.4.0

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.11.x and 2022.02.x, thanks.

diff --git a/package/exfat-utils/exfat-utils.hash b/package/exfat-utils/exfat-utils.hash
index 6c6e09ccf0..b4ed8bc568 100644
--- a/package/exfat-utils/exfat-utils.hash
+++ b/package/exfat-utils/exfat-utils.hash
@@ -1,3 +1,3 @@ 
 # Locally calculated
-sha256  dfebd07a7b907e2d603d3a9626e6440bd43ec6c4e8c07ccfc57ce9502b724835  exfat-utils-1.3.0.tar.gz
+sha256  241575fa93104406a47e79e53e4d907bae69886f11621f70a45276c62b75bf69  exfat-utils-1.4.0.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/exfat-utils/exfat-utils.mk b/package/exfat-utils/exfat-utils.mk
index fa471952f2..c02cefb0c5 100644
--- a/package/exfat-utils/exfat-utils.mk
+++ b/package/exfat-utils/exfat-utils.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-EXFAT_UTILS_VERSION = 1.3.0
+EXFAT_UTILS_VERSION = 1.4.0
 EXFAT_UTILS_SITE = https://github.com/relan/exfat/releases/download/v$(EXFAT_UTILS_VERSION)
 EXFAT_UTILS_LICENSE = GPL-2.0+
 EXFAT_UTILS_LICENSE_FILES = COPYING

[1/1] package/exfat-utils: security bump to version 1.4.0

Commit Message

Comments

Patch