[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-devel] Fixing CVE-2020-22283 & CVE-2020-22284
|
From: |
Erik Ekman |
|
Subject: |
Re: [lwip-devel] Fixing CVE-2020-22283 & CVE-2020-22284 |
|
Date: |
Sun, 15 Aug 2021 14:32:11 +0200 |
Simon just merged lots of fixes to the stable branch:
https://git.savannah.nongnu.org/cgit/lwip.git/log/?h=STABLE-2_1_x
This includes fixes for these bugs, maybe you can take them from there?
Simon, are you planning to do a new 2.1 release from this?
/Erik
On Sun, 8 Aug 2021 at 20:12, Joan Lledó via lwip-devel
<lwip-devel@nongnu.org> wrote:
>
> Hi,
>
> I'm maintaining the lwip package in Debian, now I'd like to apply the
> patches to fix he CVEs 2020-22283 & 2020-22284, which are in [1] & [2].
>
> The Debian package takes the code from the 2.1.2 release, at [3], and I
> can't apply the commits at [1] & [2] directly since they are created
> from a later code.
>
> Attached is a patch I wrote, basically adding the implementation for
> pbuf_copy_partial_pbuf and calling it from icmp6.c and zepif.c
>
> Could any of you take a fast look at it and tell me if it seems ok? I'd
> appreciate it.
>
> Regards
>
> ---
> [1] https://savannah.nongnu.org/bugs/index.php?58553
> [2] https://savannah.nongnu.org/bugs/index.php?58554
> [3]
> https://git.savannah.nongnu.org/cgit/lwip.git/tree/?h=STABLE-2_1_2_RELEASE
> _______________________________________________
> lwip-devel mailing list
> lwip-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/lwip-devel