[Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Nov 13 21:17:58 UTC 2022
On Sat, 12 Nov 2022 22:36:55 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
> 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
> local attacker can exploit this if the ntfs-3g binary is setuid root. A
> physically proximate attacker can exploit this if NTFS-3G software is
> configured to execute upon attachment of an external storage device.
>
> https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm
> https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> package/ntfs-3g/ntfs-3g.hash | 2 +-
> package/ntfs-3g/ntfs-3g.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list