[Buildroot] [PATCH 1/1] package/rpm: security bump to version 4.16.1.3
Peter Korsgaard
peter at korsgaard.com
Sun Apr 4 09:50:44 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix arbitrary data copied from signature header past signature
> checking (CVE-2021-3421)
> - Fix signature check bypass with corrupted package (CVE-2021-20271)
> - Fix missing bounds checks in headerImport() and headerCheck()
> (CVE-2021-20266)
> - Fix missing sanity checks on header entry count and region data
> overlap
> - Fix access past end of header if the last entry is string type
> - Fix unsafe headerCopyLoad() still used in codebase
> Drop all patches (already in version)
> https://rpm.org/wiki/Releases/4.16.1.3.html
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.
--
Bye, Peter Korsgaard