bee91a9d88
This security vulnerability is known as Baron Samedit [1] and there is a research by Qualys [2] and they discovered it. Unfortunately or fortunately, there isn't present sudoedit on OpenWrt. Two patches were applied cleanly and the other two required manual intervention. Those were backported from version 1.9.5p2 [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 [2] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> |
||
|---|---|---|
| .. | ||
| 010-cross-compile-fixes.patch | ||
| 020-no-owner-change.patch | ||
| 030-CVE-2021-3156.patch | ||