void-packages

History

Enno Boland 41eda40925 git: hotfixing CVE-2016-2324

This applies a patch from master that removes the function containing
the vuln. This explicitly does NOT fix path_appendnew in tree-diff.c.
We might wait for an upstream fix here.

See for reference:
  - http://pastebin.com/UX2P2jjg
  - https://marc.ttias.be/oss-security/2016-03/msg00180.php
    (incorrectly assumes the issue is fixed in the release)
  - http://www.openwall.com/lists/oss-security/2016/03/16/9

2016-03-16 19:11:12 +01:00

patches

template