Message ID | 20230304135341.25447-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/exfat-utils: security bump to version 1.4.0 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain > sensitive information (data from deleted files in the filesystem) in > certain situations involving offsets beyond ValidDataLength. > https://github.com/relan/exfat/releases/tag/v1.4.0 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain > sensitive information (data from deleted files in the filesystem) in > certain situations involving offsets beyond ValidDataLength. > https://github.com/relan/exfat/releases/tag/v1.4.0 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2022.11.x and 2022.02.x, thanks.
diff --git a/package/exfat-utils/exfat-utils.hash b/package/exfat-utils/exfat-utils.hash index 6c6e09ccf0..b4ed8bc568 100644 --- a/package/exfat-utils/exfat-utils.hash +++ b/package/exfat-utils/exfat-utils.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 dfebd07a7b907e2d603d3a9626e6440bd43ec6c4e8c07ccfc57ce9502b724835 exfat-utils-1.3.0.tar.gz +sha256 241575fa93104406a47e79e53e4d907bae69886f11621f70a45276c62b75bf69 exfat-utils-1.4.0.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/exfat-utils/exfat-utils.mk b/package/exfat-utils/exfat-utils.mk index fa471952f2..c02cefb0c5 100644 --- a/package/exfat-utils/exfat-utils.mk +++ b/package/exfat-utils/exfat-utils.mk @@ -4,7 +4,7 @@ # ################################################################################ -EXFAT_UTILS_VERSION = 1.3.0 +EXFAT_UTILS_VERSION = 1.4.0 EXFAT_UTILS_SITE = https://github.com/relan/exfat/releases/download/v$(EXFAT_UTILS_VERSION) EXFAT_UTILS_LICENSE = GPL-2.0+ EXFAT_UTILS_LICENSE_FILES = COPYING
Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. https://github.com/relan/exfat/releases/tag/v1.4.0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/exfat-utils/exfat-utils.hash | 2 +- package/exfat-utils/exfat-utils.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)