Summary: | libusb can be updated to 1.0.23 | ||
---|---|---|---|
Product: | IPFire | Reporter: | gerd <gerd> |
Component: | --- | Assignee: | Peter Müller <peter.mueller> |
Status: | CLOSED FIXED | QA Contact: | |
Severity: | Security | ||
Priority: | Will affect all users | CC: | michael.tremer, peter.mueller |
Version: | 2 | Keywords: | 5MinuteJob, Security |
Hardware: | all | ||
OS: | All | ||
Attachments: |
LFS for Lib USB
Rootfile for new LibUSB |
Description
gerd
2017-08-27 17:58:15 UTC
Can also updated to 1.0.22 works.. This is not really how a bug tracker works. Please submit a patch if you have updated and tested a new version of this package. Created attachment 664 [details]
LFS for Lib USB
Created attachment 665 [details]
Rootfile for new LibUSB
Meanwhile whe havelibusb 1.0.22 and it works... (In reply to Michael Tremer from comment #2) > This is not really how a bug tracker works. Please submit a patch if you > have updated and tested a new version of this package. Don runs since i submitted that Bug LFS and root is now included (rootfile isn't usually needed because update will be a system update.... (i only created rootfile to test package locally) KR Gerd Please submit the patch as described here:
> https://wiki.ipfire.org/devel/submit-patches
It HAS to be sent to the mailing list.
And please do not change the component to anything that belongs to IPFire 3.
I did trying to update libusb in the past, but stumbled across #11810. @gerd: Do you experiencing the same problem or know how to fix it? (In reply to Peter Müller from comment #8) > I did trying to update libusb in the past, but stumbled across #11810. > @gerd: Do you experiencing the same problem or know how to fix it? No i do notuse USB NICs :) Ciao Gerd I will take care about this... meanwhile you can use 1.0.23 :) Ciao gerd @Peter: Why has this been marked as security-relevant? Could you please quote the changelog in those occasions? (In reply to Michael Tremer from comment #13) > @Peter: Why has this been marked as security-relevant? Could you please > quote the changelog in those occasions? Because I consider USB stuff being security-relevant in general. While I am not aware of any precise security vulnerability, libusb attempted to close several flaws mostly detected by fuzzing sessions within the last releases. However: Good point. One should always quote the changelog in such cases. |