mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-23 21:43:30 +08:00
26a46564f3
Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch | ||
| cereal.hash | ||
| cereal.mk | ||
| Config.in | ||