[21.02] cyrus-sasl: patch CVE-2019-19906 #17113

Merged
merged 1 commit into from
Nov 14, 2021


paper42
Contributor

@paper42 paper42 commented Nov 12, 2021

Maintainer: @flyn-org
Compile tested: aarch64, Turris MOX, OpenWrt 21.02

Description: https://nvd.nist.gov/vuln/detail/CVE-2019-19906

@flyn-org
Contributor

Looks good. Recommend merge.

The fix is tracked upstream, but cyrus-sasl has been slow in the past to make new releases. I recommend moving forward with the local patch.

@PolynomialDivision
Member

I don't understand why adding this fix only to 21.02? If master is also affected, please do it against master, I will merge it and backport using git cherry-pick -x ...?

@paper42
Contributor Author

paper42 commented Nov 13, 2021

> I don't understand why adding this fix only to 21.02? If master is also affected, please do it against master, I will merge it and backport using git cherry-pick -x ...?

@PolynomialDivision I submitted the same PR for master - #17112 and 19.07 - #17114, if cherry pick -x is preferred, could you close these two PRs, merge the one targeting master and cherry pick to both stable branches? Thanks.

@PolynomialDivision
Member

PolynomialDivision commented Nov 13, 2021

> > I don't understand why adding this fix only to 21.02? If master is also affected, please do it against master, I will merge it and backport using git cherry-pick -x ...?
>
> @PolynomialDivision I submitted the same PR for master - #17112 and 19.07 - #17114, if cherry pick -x is preferred, could you close these two PRs, merge the one targeting master and cherry pick to both stable branches? Thanks.

Did not see them. Yeah we use cherry-pick -x f7717bd382d4f03c6353beaaf198d29a34c8e6ab. Can you just update both remaining PRs?

Signed-off-by: Michal Vasilek <[email protected]>
(cherry picked from commit f7717bd)
@paper42
Contributor Author

paper42 commented Nov 13, 2021

> Yeah we use cherry-pick -x f7717bd382d4f03c6353beaaf198d29a34c8e6ab. Can you just update both remaining PRs?

sure, done

@BKPepe BKPepe merged commit b1d6982 into openwrt:openwrt-21.02 Nov 14, 2021