mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-20 05:17:17 +00:00
5eee309aeb
Fixes the following security issues: * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. 3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release tarball: https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html HTTP URLs changed to HTTPS in COPYING, so update license hash. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 1dd5576ccb8eadeb8672c8b22df86f4f41dce1d5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>