Message ID | Yoe28imNyGUIMxBi@waldemar-brodkorb.de |
---|---|
State | Accepted |
Headers | show |
Series | package/uclibc: update to 1.0.41 | expand |
On Fri, 20 May 2022 17:42:42 +0200 Waldemar Brodkorb <wbx@openadk.org> wrote: > Fixes CVE-2022-30295. > > See here: > https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/ > > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> > --- > package/uclibc/uclibc.hash | 4 ++-- > package/uclibc/uclibc.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Applied to master, thanks. I've changed the commit title to "security bump to 1.0.41". For future security related version bumps, please make sure that the commit title includes "security" so that it gets handled in priority. Thanks a lot! Thomas
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes: > On Fri, 20 May 2022 17:42:42 +0200 > Waldemar Brodkorb <wbx@openadk.org> wrote: >> Fixes CVE-2022-30295. >> >> See here: >> https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/ >> >> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> >> --- >> package/uclibc/uclibc.hash | 4 ++-- >> package/uclibc/uclibc.mk | 2 +- >> 2 files changed, 3 insertions(+), 3 deletions(-) > Applied to master, thanks. I've changed the commit title to "security > bump to 1.0.41". For future security related version bumps, please make > sure that the commit title includes "security" so that it gets handled > in priority. Committed to 2022.02.x, thanks.
diff --git a/package/uclibc/uclibc.hash b/package/uclibc/uclibc.hash index 989c9d887a..3b29c351b5 100644 --- a/package/uclibc/uclibc.hash +++ b/package/uclibc/uclibc.hash @@ -1,4 +1,4 @@ -# From https://downloads.uclibc-ng.org/releases/1.0.40/uClibc-ng-1.0.40.tar.xz.sha256 -sha256 d863f01815a64174d5019c73475e8aff5b60848a13876e79daf5d3d83ce7f889 uClibc-ng-1.0.40.tar.xz +# From https://downloads.uclibc-ng.org/releases/1.0.41/uClibc-ng-1.0.41.tar.xz.sha256 +sha256 b32a92a0218d95922d6976464e6ef51e2ebacfbcdb605820458d9dbb8a61e025 uClibc-ng-1.0.41.tar.xz # Locally calculated sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 COPYING.LIB diff --git a/package/uclibc/uclibc.mk b/package/uclibc/uclibc.mk index d79eaa1d0d..5006aa0cb6 100644 --- a/package/uclibc/uclibc.mk +++ b/package/uclibc/uclibc.mk @@ -4,7 +4,7 @@ # ################################################################################ -UCLIBC_VERSION = 1.0.40 +UCLIBC_VERSION = 1.0.41 UCLIBC_SOURCE = uClibc-ng-$(UCLIBC_VERSION).tar.xz UCLIBC_SITE = https://downloads.uclibc-ng.org/releases/$(UCLIBC_VERSION) UCLIBC_LICENSE = LGPL-2.1+
Fixes CVE-2022-30295. See here: https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/ Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> --- package/uclibc/uclibc.hash | 4 ++-- package/uclibc/uclibc.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)