[Buildroot] [git commit branch/2022.08.x] package/libksba: security bump to version 1.6.2
Peter Korsgaard
peter at korsgaard.com
Wed Nov 23 09:42:49 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=e4c93320bbfed2f616173fb40fe26ad7aadfe55c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.08.x
A severe bug has been found in Libksba , the library used by GnuPG for parsing
the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba
before 1.6.2 and may be used for remote code execution.
Fix CVE-2022-3515
Signed-off-by: Michael Fischer <mf at go-sys.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit 9c0311220fb627db8af4a2cd8c3adb067e8a308d)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libksba/libksba.hash | 2 +-
package/libksba/libksba.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libksba/libksba.hash b/package/libksba/libksba.hash
index 422048be5f..77485c0cb6 100644
--- a/package/libksba/libksba.hash
+++ b/package/libksba/libksba.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-sha256 dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b libksba-1.6.0.tar.bz2
+sha256 fce01ccac59812bddadffacff017dac2e4762bdb6ebc6ffe06f6ed4f6192c971 libksba-1.6.2.tar.bz2
# Hash for license files:
sha256 8f1b87e551d97b2b23b6d3403a5d598c63ea89824cb8ee351f631f6cab2beaa5 AUTHORS
diff --git a/package/libksba/libksba.mk b/package/libksba/libksba.mk
index ca5fc1d749..3a8b3fa502 100644
--- a/package/libksba/libksba.mk
+++ b/package/libksba/libksba.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBKSBA_VERSION = 1.6.0
+LIBKSBA_VERSION = 1.6.2
LIBKSBA_SOURCE = libksba-$(LIBKSBA_VERSION).tar.bz2
LIBKSBA_SITE = ftp://ftp.gnupg.org/gcrypt/libksba
LIBKSBA_LICENSE = LGPL-3.0+ or GPL-2.0+ (library, headers), GPL-3.0+ (manual, tests, build system)
More information about the buildroot
mailing list