
[pull] master from buildroot:master #331

Merged
merged 8 commits into from
Feb 15, 2025

Conversation

pull[bot]

@pull pull bot commented Feb 15, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.1)


Fixes the following security vulnerability:

CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET

https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html

Adjust the license files after upstream moved the license clarification to
README.md and moved the COPYING* files to the top level directory /
slightly updated the COPYING* files (http->https) with:

https://gitlab.com/gnutls/libtasn1/-/commit/73cc886c3ff29c326a5f1a10b3127d521574a1ad

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

Fixes the following security vulnerability:

CVE-2024-8508: A vulnerability has been discovered in Unbound when handling
replies with very large RRsets that Unbound needs to perform name
compression for.

https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: update pgp key id in hash file]
Signed-off-by: Julien Olivain <ju.o@free.fr>

Fixes the following security vulnerability:

CVE-2024-10573: An out-of-bounds write flaw was found in mpg123 when
handling crafted streams.  When decoding PCM, the libmpg123 may write past
the end of a heap-located buffer.  Consequently, heap corruption may happen,
and arbitrary code execution is not discarded.  The complexity required to
exploit this flaw is considered high as the payload must be validated by the
MPEG decoder and the PCM synth before execution.  Additionally, to
successfully execute the attack, the user must scan through the stream,
making web live stream content (such as web radios) a very unlikely attack
vector.

https://www.openwall.com/lists/oss-security/2024/10/30/2

Release notes:
https://sourceforge.net/p/mpg123/mailman/message/58834094/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

Fixes the following security vulnerability:

CVE-2024-40724: Heap-based buffer overflow vulnerability in Assimp versions
prior to 5.4.2 allows a local attacker to execute arbitrary code by
inputting a specially crafted file into the product.

assimp/assimp#5651

Fixes:
https://nvd.nist.gov/vuln/detail/cve-2024-40724

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: add link to cve]
Signed-off-by: Julien Olivain <ju.o@free.fr>

Fixes CVE-2025-26519: Musl libc: input-controlled out-of-bounds write
primitive in iconv()

https://www.openwall.com/lists/musl/2025/02/13/1

Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2025-26519

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: add link to cve]
Signed-off-by: Julien Olivain <ju.o@free.fr>

For various bugfixes.  Notice that 7.1.1-36 fixed a security vulnerability
(CVE-2024-41817), but that issue is specific to the AppImage version:

GHSA-8rxc-922v-phg8

Release notes:
https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-43

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

The package has not been updated since it was added in 2016 and the upstream
GitHub project has been archived as of Feb 17, 2024 - So drop the package.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

The package has not been updated since 2020, has known vulnerabilities and
the upstream GitHub project has been archived as of April 12, 2024 - So drop
the package.

For reference, AngularJS website [1] reads, at the time of
this commit:
"""
AngularJS support has officially ended as of January 2022.
See what ending support means [2] and read the end of life
announcement [3].
"""

[1] https://angularjs.org/
[2] https://docs.angularjs.org/misc/version-support-status
[3] https://goo.gle/angularjs-end-of-life

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: add end-of-life announce and links in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
@pull pull bot added the ⤵️ pull label Feb 15, 2025
@pull pull bot merged commit 59a8322 into mir-one:master Feb 15, 2025