path: root/package/elfutils/0004-fts.patch
diff options
authorGravatar Titouan Christophe <titouan.christophe@railnova.eu>2020-04-08 11:50:55 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-04-08 17:19:46 +0200
commit20bf02ce18bc8bb9f2f5298e4c8a3c570fbe6691 (patch)
treede98bdf5a7bbaffa1c33bd1f41b26052ea26c347 /package/elfutils/0004-fts.patch
parente78684e4338487e66b126d69af619cc5143c9e52 (diff)
package/thrift: security bump to v0.13HEADmaster
Drop patch because the linker error no longer appears on br-x86-64-musl. v0.13.0 fixes the following CVEs: CVE-2019-0205: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. CVE-2019-0210: In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. Also update the hash file to the new two-spaces convention Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/elfutils/0004-fts.patch')
0 files changed, 0 insertions, 0 deletions