lwip-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] Fixing CVE-2020-22283 & CVE-2020-22284


From: address@hidden
Subject: Re: [lwip-devel] Fixing CVE-2020-22283 & CVE-2020-22284
Date: Sun, 15 Aug 2021 14:47:40 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0

Am 15.08.2021 um 14:32 schrieb Erik Ekman:
> Simon just merged lots of fixes to the stable branch:
> https://git.savannah.nongnu.org/cgit/lwip.git/log/?h=STABLE-2_1_x
>
> This includes fixes for these bugs, maybe you can take them from there?
>
> Simon, are you planning to do a new 2.1 release from this?

Sorry, I continued the discussion privately with Joan by accident
(answered from my mobile).

I'm a bit surprised we have 2 CVEs. While I knew about the bugs (which
were fixed long ago), I was not informed about the CVEs. I would have
released a 2.1.3 version before if I knew about them.

Anyway, Joan's email led me to do the 2.1.3 release finally. I'll
announce the current state as "beta" and do the release in some days.

Regards,
Simon

>
> /Erik
>
> On Sun, 8 Aug 2021 at 20:12, Joan Lledó via lwip-devel
> <lwip-devel@nongnu.org> wrote:
>>
>> Hi,
>>
>> I'm maintaining the lwip package in Debian, now I'd like to apply the
>> patches to fix he CVEs 2020-22283 & 2020-22284, which are in [1] & [2].
>>
>> The Debian package takes the code from the 2.1.2 release, at [3], and I
>> can't apply the commits at [1] & [2] directly since they are created
>> from a later code.
>>
>> Attached is a patch I wrote, basically adding the implementation for
>> pbuf_copy_partial_pbuf and calling it from icmp6.c and zepif.c
>>
>> Could any of you take a fast look at it and tell me if it seems ok? I'd
>> appreciate it.
>>
>> Regards
>>
>> ---
>> [1] https://savannah.nongnu.org/bugs/index.php?58553
>> [2] https://savannah.nongnu.org/bugs/index.php?58554
>> [3]
>> https://git.savannah.nongnu.org/cgit/lwip.git/tree/?h=STABLE-2_1_2_RELEASE
>> _______________________________________________
>> lwip-devel mailing list
>> lwip-devel@nongnu.org
>> https://lists.nongnu.org/mailman/listinfo/lwip-devel




reply via email to

[Prev in Thread] Current Thread [Next in Thread]