Message ID | 20230904163436.1131078-1-francois.perrad@gadz.org |
---|---|
State | Accepted |
Headers | show |
Series | package/libtommath: security bump to version 1.2.1 | expand |
>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes: > This is a bugfix release only containing the fix to a potential integer underflow > which got assigned CVE-2023-36328. > Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Committed, thanks.
>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes: > This is a bugfix release only containing the fix to a potential integer underflow > which got assigned CVE-2023-36328. > Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Committed to 2023.02.x and 2023.05.x, thanks.
diff --git a/package/libtommath/0001-Build-test-bn_mp_set_double-c-on-more-platforms.patch b/package/libtommath/0001-Build-test-bn_mp_set_double-c-on-more-platforms.patch index c25002ba7..1cf411b39 100644 --- a/package/libtommath/0001-Build-test-bn_mp_set_double-c-on-more-platforms.patch +++ b/package/libtommath/0001-Build-test-bn_mp_set_double-c-on-more-platforms.patch @@ -20,7 +20,7 @@ diff --git a/demo/test.c b/demo/test.c index 998f14b3..f719709d 100644 --- a/demo/test.c +++ b/demo/test.c -@@ -522,7 +522,7 @@ static int test_mp_invmod(void) +@@ -625,7 +625,7 @@ static int test_mp_invmod(void) } diff --git a/package/libtommath/libtommath.hash b/package/libtommath/libtommath.hash index 9af489ef1..4f5dd4023 100644 --- a/package/libtommath/libtommath.hash +++ b/package/libtommath/libtommath.hash @@ -1,5 +1,5 @@ # Locally computed -sha256 b7c75eecf680219484055fcedd686064409254ae44bc31a96c5032843c0e18b1 ltm-1.2.0.tar.xz +sha256 986025d7b374276fee2e30e99f3649e4ac0db8a02257a37ee10eae72abed0d1f ltm-1.2.1.tar.xz # Hashes for license files: sha256 2fa64b163659f41965c9815882a8296d3d03ff546b76153e11445f9bdecf955a LICENSE diff --git a/package/libtommath/libtommath.mk b/package/libtommath/libtommath.mk index bd3957d6c..25d4e836b 100644 --- a/package/libtommath/libtommath.mk +++ b/package/libtommath/libtommath.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBTOMMATH_VERSION = 1.2.0 +LIBTOMMATH_VERSION = 1.2.1 LIBTOMMATH_SITE = https://github.com/libtom/libtommath/releases/download/v$(LIBTOMMATH_VERSION) LIBTOMMATH_SOURCE = ltm-$(LIBTOMMATH_VERSION).tar.xz LIBTOMMATH_LICENSE = Unlicense
This is a bugfix release only containing the fix to a potential integer underflow which got assigned CVE-2023-36328. Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- .../0001-Build-test-bn_mp_set_double-c-on-more-platforms.patch | 2 +- package/libtommath/libtommath.hash | 2 +- package/libtommath/libtommath.mk | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)