Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | libtasn1: CVE-2017-10790 | Yue Tao | 2017-08-17 | 1 | -0/+1 |
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-10790 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39 (From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
* | libtasn1: upgrade 4.10 -> 4.12 | Maxin B. John | 2017-06-03 | 1 | -0/+23 |
Noteworthy changes: 1. Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. 2. Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. 3. Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. (From OE-Core rev: 61752a41f2f0abe61e805d2ef1292cec1e202c36) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |