code.ossystems Code Review - openembedded-core.git/commit

author	Yue Tao <Yue.Tao@windriver.com>
	Tue, 15 Aug 2017 09:55:23 +0000 (02:55 -0700)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 15 Aug 2017 23:06:15 +0000 (00:06 +0100)
commit	6176151625c971de031e14c97601ffd75a29772f
tree	d51af86b7c216d7155568fe9ef16ce25e883ea0f	tree \| snapshot
parent	bfc148a40fd5b9936e63e9af901b5c8aaf7e8e5b	commit \| diff

libtasn1: CVE-2017-10790

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;
h=d8d805e1f2e6799bb2dff4871a8598dc83088a39

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch	[new file with mode: 0644]	blob
meta/recipes-support/gnutls/libtasn1_4.12.bb		diff \| blob \| history