Google Git
Sign in
android-kvm / buildroot / 2f7afa54ce8d8f9afd39228b429fbb6290316bc0
commit2f7afa54ce8d8f9afd39228b429fbb6290316bc0[log] [tgz]
authorThomas Perale <thomas.perale@mind.be>Sun Jul 27 11:55:25 2025 +0200
committerJulien Olivain <ju.o@free.fr>Tue Jul 29 00:54:37 2025 +0200
tree96691542a7bc109fe391d3cbed9a2847b7720a30
parent279cb43814abe9e3452541a0e69e2f3945aa2b1b [diff]
package/orc: add patch for CVE-2024-40897

This fixes the following vulnerabilities:

- CVE-2024-40897

 Stack-based buffer overflow vulnerability exists in orcparse.c of ORC
 versions prior to 0.4.39. If a developer is tricked to process a
 specially crafted file with the affected ORC compiler, an arbitrary
 code may be executed on the developer's build environment. This may
 lead to compromise of developer machines or CI build environments.
 https://www.cve.org/CVERecord?id=CVE-2024-40897

For more information, see:
 - https://www.cve.org/CVERecord?id=CVE-2024-40897
 - https://gitlab.freedesktop.org/gstreamer/orc/-/commit/fb7db9ae3e8ac271651d1884a3611d30bac04a98

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
2 files changed
tree: 96691542a7bc109fe391d3cbed9a2847b7720a30
  1. .github/
  2. .gitlab/
  3. arch/
  4. board/
  5. boot/
  6. configs/
  7. docs/
  8. fs/
  9. linux/
  10. package/
  11. support/
  12. system/
  13. toolchain/
  14. utils/
  15. .b4-config
  16. .checkpackageignore
  17. .clang-format
  18. .defconfig
  19. .editorconfig
  20. .flake8
  21. .gitignore
  22. .gitlab-ci.yml
  23. .shellcheckrc
  24. CHANGES
  25. Config.in
  26. Config.in.legacy
  27. COPYING
  28. DEVELOPERS
  29. Makefile
  30. Makefile.legacy
  31. README