Table of Contents

LEDE v17.01.3 Changelog

This changelog lists all commits done in LEDE since the v17.01.2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release.

Build System / Buildroot (4 changes)

27da508 build: fix kmod package build on non-GNU systems (+1,-1)
f6907dc image: fix ar71xx legacy images (+1)
d33f790 treewide: fix shellscript syntax errors/typos (+10,-11)
df54a8f LEDE v17.01.3: adjust config defaults (+11,-9)

Build System / Feeds (1 change)

df54a8f LEDE v17.01.3: adjust config defaults (+11,-9)

Build System / Host Utilities (1 change)

6c03b29 firmware-utils: fix dgn3500sum compiler warnings (+3,-4)

Kernel (11 changes)

c03d431 kernel: backport Broadcom thermal drivers (+801)
8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31)
823d35f kernel: netfilter: fix nf-nathelper(-extra) description (+2,-2)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
86722ab kernel: fix of_node handling in LEDs core code (+316)
dc8392f kernel: backport usbport LED trigger driver support for DT (+106)
ca53eff kernel: update 4.4 to 4.4.86 (+9,-9)
ab305e1 kernel: update 4.4 to 4.4.87 (+2,-2)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)
37e1bd2 generic: drop 704-phy-no-genphy-soft-reset.patch (-11)

Packages / Boot Loaders (1 change)

671fc88 uboot-envtools: add support for ALFA Network AP121F (+1)

Packages / Common (30 changes)

c16326c dropbear: fix service trigger syntax error (+2,-2)
73e81a8 mbedtls: update to 2.5.1 (+27,-27)
57289ae openvpn: update to 2.4.3 (+14,-13)
73a4568 ca-certificates: Update to version 20161130+nmu1 (+3,-3)
91d41b6 dnsmasq: backport tweak ICMP ping logic for DHCPv4 (+26,-1)
74d5c3e mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDS (+1,-1)
699e312 dnsmasq: backport patch fixing DNS failover (FS#841) (+31)
7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1)
b67b316 dnsmasq: backport remove ping check of configured dhcp address (+29,-1)
3e35eb1 mbedtls: Re-allow SHA1-signed certificates (+10,-1)
ae3c556 tcpdump: Update to 4.9.1 (+2,-2)
a006b48 dnsmasq: forward.c: fix CVE-2017-13704 (+38,-1)
bd29aa1 f2fs-tools: Switch to gz tarball (+3,-3)
707a4b4 f2fs-tools: drop patch in favour of CONFIGURE_VARS (+3,-19)
c3bddb4 f2fs-tools: drop musl compat patch (-10)
f62a31d f2fs-tools: fix mkfs.f2fs on big-endian systems (+67,-1)
a7506c0 dnsmasq: backport official fix for CVE-2017-13704 (+95,-38)
1d15a03 dnsmasq: backport arcount edns0 fix (+45,-1)
082e621 hostapd: fix iapp_interface option (+1,-1)
d33f790 treewide: fix shellscript syntax errors/typos (+10,-11)
a131f7c utils/tcpdump: Rework URLs (+2,-2)
f66c6e1 tcpdump: bump to 4.9.2 (+41,-37)
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)
86f0e8b openvpn: add "extra-certs" option (+2,-1)
39e5cd9 ltq-vdsl: fix PM thread suspend and resume handling (+108,-1)
b428f45 ltq-vdsl-mei: disable optimized firmware download (+2,-2)
e232c67 mbedtls: update to 2.6.0 CVE-2017-14032 (+30,-30)
f483a35 curl: fix security problems (+75,-1)
a881323 ltq-vdsl-mei: revert disable optimized firmware download (+2,-2)
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

Packages / LEDE base files (5 changes)

761e608 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries (+2,-1)
889638c base-files: don't setup network in preinit if failsafe is disabled (+4,-1)
7f1359c base-files: fix wan6 interface config generation for pppoe (+3,-6)
b8357e8 base-files: create /etc/config/ directory (+1)
df54a8f LEDE v17.01.3: adjust config defaults (+11,-9)

Packages / LEDE network userland (5 changes)

cca765f dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) (+2,-2)
bb6a8b2 uclient: update to 2017-09-06 (+3,-3)
83ce236 uclient-fetch: read_data_cb: fix a potential buffer overflow (+1,-1)
24d6ede uclient-http: fix Host: header for literal IPv6 addresses (+9,-3)
d33f790 treewide: fix shellscript syntax errors/typos (+10,-11)
c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3)
336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50)
c6f3d5d config: fix dhcpv4 server being started (+17,-6)
783465d odhcpd: don't enable server mode on non-static lan port (+18,-3)

Packages / LEDE system userland (6 changes)

eff3469 procd: backport fixes from master branch (+3,-3)
2716228 procd: service gets deleted when its last instance is freed (+5,-1)
889442c procd: Add missing \n in debug message (+1,-1)
225b18d procd: Don't use syslog before its initialization (+1,-1)
5131bec procd: Log initscript output prefixed with script name (+3,-2)
cd5225d procd/rcS: Use /dev/null as stdin (+6)
6e8ea8b rcS: add missing fcntl.h include (+1)
22f89e1 upgraded: define __GNU_SOURCE (+2)
558ffb5 service/service_stopped(): fix a use-after-free (+1,-1)
6b0da20 hotplug: fix a memory leak in handle_button_complete() (+4,-1)
8fd57dd upgraded: cmake: Find and include uloop.h (+2)
8297c38 preinit: define _GNU_SOURCE (+1)
89918c8 system: introduce new attribute board_name (+34)
7896d7b fstools: backport fixes from master branch (+4,-60)
34d36c2 add missing includes (+4)
be5004c libfstools: add basic documentation of mount functions (+15)
cddc830 libfstools: silence mkfs.{ext4,f2fs} (+2,-2)
d361923 build: disable the format-truncation warning error to fix gcc 7 build errors (+1,-1)
45c2a6f libfstools: fix multiple volume_identify usages with the same volume (+3,-1)
ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation (+1,-1)
bdcb075 libfstools: fix matching device name (+2,-3)
82b20d7 procd: backport kernel watchdog start/stop support (+3,-3)
4dbf57a watchdog: add support for starting/stopping kernel watchdog (+74,-18)
66b071f procd: update to latest git HEAD (+3,-3)
3e68cdf procd: Do not leak pipe file descriptors to children (+3)
4503d8b procd: update to the latest git HEAD (+3,-3)
66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype (+2,-1)
d0bf257 uhttp: update to latest version (+3,-3)
e6cfc91 lua: ensure that PATH_INFO starts with a slash (+4)
a8bf9c0 uhttpd: Add TCP_FASTOPEN support (+3,-1)
fa51d7f proc: do not declare empty process variables (+1,-1)
ad93be7 auth: store parsed username and password (+31,-11)
c0a569d proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS (+5,-1)
99957f6 file: remove unused "auth" member from struct path_info (+2,-4)
88c0b4b file: fix basic auth regression (+9,-8)
3fd58e9 uhttpd: add manifest support (+4,-2)

Target / apm821xx (2 changes)

8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31)
ca53eff kernel: update 4.4 to 4.4.86 (+9,-9)

Target / ar7 (1 change)

1807a0e ar7: add NULL clock fix send upstream (+90)

Target / ar71xx (7 changes)

d71ffb9 ar71xx: Fix UBIFS work on Mikrotik RB95x devices (+2)
d0ec502 ar71xx: set US region code for TP-Link TL-WR710N v1 image (+1)
3959110 ar71xx: add support for ALFA Network AP121F (+143)
870ca0d ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series (+1,-1)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
ca53eff kernel: update 4.4 to 4.4.86 (+9,-9)
4151752 ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4 (+3,-2)

Target / bcm53xx (4 changes)

5b0b27e bcm53xx: enable Northstar thermal driver (+5)
f197a2a bcm53xx: include wpad-mini only on devices with (supported) wireless (+15,-13)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
cae20f6 bcm53xx: backport DTS commits that setup USB LEDs (+214,-1)

Target / brcm2708 (5 changes)

8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
ca53eff kernel: update 4.4 to 4.4.86 (+9,-9)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)

Target / brcm47xx (1 change)

1100bbf brcm47xx: refresh Linux 4.4 config (+8,-8)

Target / brcm63xx (2 changes)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
5e87b01 brcm63xx: add NULL clock fix send upstream (+53,-5)

Target / imx6 (1 change)

8fbef4b imx6: fix DualLite/Solo GW551X board detection (+1,-1)

Target / ipq806x (3 changes)

53eba6f ipq806x: fixup thermal patches (+5,-249)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
97ebdf9 ipq806x: Archer C2600: fix switch ports numbering (+4,-1)

Target / ixp4xx (1 change)

ca53eff kernel: update 4.4 to 4.4.86 (+9,-9)

Target / lantiq (4 changes)

5261766 lantiq: use img file extension for DGN3500 factory images (+5,-5)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
af802bc lantiq: fix missing otg_cap on danube platform (+54,-24)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)

Target / layerscape (1 change)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)

Target / mediatek (3 changes)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)

Target / mvebu (3 changes)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)

Target / oxnas (1 change)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)

Target / ramips (20 changes)

2e206c7 ramips: fix Phicomm K1S(PSG1208) pinmux (+1,-1)
3214e17 ramips: fix Xiaomi MiWiFi Nano firmware partition size (+1,-1)
ece85e2 ramips: DTS: VoCore2 improvements/fixes (+3,-22)
e08b825 ramips: fix wps button gpio for DWR-512 (+1,-1)
a5822db ramips: DIR-860L-B1 fix switch port numbering (+4,-1)
69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)
2247af8 ramips: add NULL clock fix send upstream (+43)
5e409f0 ramips: fix Mercury MAC1200R v2.0 board name (+2,-1)
a943934 ramips: Archer C50v1: fix LEDs active levels (+2,-2)
8e67c35 ramips: Archer C50v1: fix switch port numbering (+4,-1)
c407e6c ramips: Archer C50v1: fix power led (+1,-1)
6f4a903 ralink: fix rcu_sched stalls on mt7621 (+98)
57a8f36 ramips: add missing partitions (+57,-9)
1a050c8 ramips: build HuaWei HG255D image (+7)
48798af ramips: fix Omnima MiniEMBWiFi image (+1)
982612d ramips: ArcherC50v1: fix wlan2g MAC address (+2)
ff414fb ramips: fix WHR-1166D WAN port (+1,-1)
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)
4f162ac ramips: fix hg255d LED status support (+1)
720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35)

Target / rb532 (1 change)

69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935)

Target / sunxi (1 change)

3350137 sunxi: clean up modules definitions (+5,-45)

Target / x86 (2 changes)

05643bd x86: enable ACPI support for the Geode subtarget (+60,-3)
c047c34 x86: add missing kernel config symbols to Geode target (+2)

Wireless / Common (1 change)

d33f790 treewide: fix shellscript syntax errors/typos (+10,-11)

Addressed bugs

#402

Description: odhcpd: assign all viable DHCPv6 address in stateful+stateless mode
Link: https://bugs.lede-project.org/index.php?do=details&task_id=402
Commits:
c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3)
336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50)
c6f3d5d config: fix dhcpv4 server being started (+17,-6)

#524

Description: odhcpd: stateful+stateless sends M flag in RA for prefix that will not DHCPv6
Link: https://bugs.lede-project.org/index.php?do=details&task_id=524
Commits:
c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3)
336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50)
c6f3d5d config: fix dhcpv4 server being started (+17,-6)

#577

Description: Poweroff command hand Geode system instead of switch off.
Link: https://bugs.lede-project.org/index.php?do=details&task_id=577
Commits:
05643bd x86: enable ACPI support for the Geode subtarget (+60,-3)

#622

Description: Xiaomi nano can not use 16M flash
Link: https://bugs.lede-project.org/index.php?do=details&task_id=622
Commits:
3214e17 ramips: fix Xiaomi MiWiFi Nano firmware partition size (+1,-1)

#670

Description: whr-1166d gigabit port not working
Link: https://bugs.lede-project.org/index.php?do=details&task_id=670
Commits:
ff414fb ramips: fix WHR-1166D WAN port (+1,-1)

#735

Description: LEDE 17.01.1 boot loop on Asus RT-N56U ramips, rt3883
Link: https://bugs.lede-project.org/index.php?do=details&task_id=735
Commits:
2247af8 ramips: add NULL clock fix send upstream (+43)
5e87b01 brcm63xx: add NULL clock fix send upstream (+53,-5)

#749

Description: EdgeRouter Lite (octeon) f2fs WARNING in segment.c
Link: https://bugs.lede-project.org/index.php?do=details&task_id=749
Commits:
f62a31d f2fs-tools: fix mkfs.f2fs on big-endian systems (+67,-1)

#755

Description: [SUNXI] ImageBuilder fails because of kmod-eeprom-sunxi
Link: https://bugs.lede-project.org/index.php?do=details&task_id=755
Commits:
3350137 sunxi: clean up modules definitions (+5,-45)

#841

Description: dnsmasq cannot resolve domain name if the first upstream dns server reply code is REFUSED
Link: https://bugs.lede-project.org/index.php?do=details&task_id=841
Commits:
699e312 dnsmasq: backport patch fixing DNS failover (FS#841) (+31)

#843

Description: Switch port order reversed on TL-WR740N (v2.5)
Link: https://bugs.lede-project.org/index.php?do=details&task_id=843
Commits:
870ca0d ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series (+1,-1)

#874

Description: odhcpc6 script typo, so /etc/odhcp6c.user is called with incorrect parameter
Link: https://bugs.lede-project.org/index.php?do=details&task_id=874
Commits:
cca765f dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) (+2,-2)

#904

Description: Allnet ALL0315N crashes when updating from OpenWRT to LEDE
Link: https://bugs.lede-project.org/index.php?do=details&task_id=904
Commits:
f6907dc image: fix ar71xx legacy images (+1)

#942

Description: openvpn-mbedtls no longer accepts SHA1 certificates
Link: https://bugs.lede-project.org/index.php?do=details&task_id=942
Commits:
3e35eb1 mbedtls: Re-allow SHA1-signed certificates (+10,-1)

Security fixes

CVE-2017-7407

Description: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407
Commits:
7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1)

CVE-2017-7468

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468
Commits:
7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1)

CVE-2017-7508

Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508
Commits:
57289ae openvpn: update to 2.4.3 (+14,-13)

CVE-2017-7512

Description: Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512
Commits:
57289ae openvpn: update to 2.4.3 (+14,-13)

CVE-2017-7520

Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520
Commits:
57289ae openvpn: update to 2.4.3 (+14,-13)

CVE-2017-7521

Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521
Commits:
57289ae openvpn: update to 2.4.3 (+14,-13)

CVE-2017-7522

Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522
Commits:
57289ae openvpn: update to 2.4.3 (+14,-13)

CVE-2017-7533

Description: Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533
Commits:
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)

CVE-2017-11108

Description: tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108
Commits:
ae3c556 tcpdump: Update to 4.9.1 (+2,-2)

CVE-2017-11541

Description: tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-11542

Description: tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-11543

Description: tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-11600

Description: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11600
Commits:
ab305e1 kernel: update 4.4 to 4.4.87 (+2,-2)

CVE-2017-12893

Description: The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12894

Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12895

Description: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12896

Description: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12897

Description: The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12898

Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12899

Description: The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12900

Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12901

Description: The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12902

Description: The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12985

Description: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12986

Description: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12987

Description: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12988

Description: The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12989

Description: The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12990

Description: The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12991

Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12992

Description: The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12993

Description: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12994

Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12995

Description: The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12996

Description: The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12997

Description: The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12998

Description: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-12999

Description: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13000

Description: The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13001

Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13002

Description: The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13003

Description: The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13004

Description: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13005

Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13006

Description: The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13007

Description: The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13008

Description: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13009

Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13010

Description: The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13011

Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13012

Description: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13013

Description: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13014

Description: The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13015

Description: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13016

Description: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13017

Description: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13018

Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13019

Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13020

Description: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13021

Description: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13022

Description: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13023

Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13024

Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13025

Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13026

Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13027

Description: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13028

Description: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13029

Description: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13030

Description: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13031

Description: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13032

Description: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13033

Description: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13034

Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13035

Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13036

Description: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13037

Description: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13038

Description: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13039

Description: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13040

Description: The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13041

Description: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13042

Description: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13043

Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13044

Description: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13045

Description: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13046

Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13047

Description: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13048

Description: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13049

Description: The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13050

Description: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13051

Description: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13052

Description: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13053

Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13054

Description: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13055

Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13687

Description: The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13688

Description: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13689

Description: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13690

Description: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-13704

Description: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704
Commits:
a006b48 dnsmasq: forward.c: fix CVE-2017-13704 (+38,-1)
a7506c0 dnsmasq: backport official fix for CVE-2017-13704 (+95,-38)

CVE-2017-13725

Description: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725
Commits:
12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1)

CVE-2017-14032

Description: ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032
Commits:
e232c67 mbedtls: update to 2.6.0 CVE-2017-14032 (+30,-30)

CVE-2017-14491

Description: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-14492

Description: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-14493

Description: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-14494

Description: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-14495

Description: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-14496

Description: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496
Commits:
4b4a4af dnsmasq: bump to v2.78 (+4,-226)

CVE-2017-1000100

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100
Commits:
f483a35 curl: fix security problems (+75,-1)

CVE-2017-1000101

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101
Commits:
f483a35 curl: fix security problems (+75,-1)

CVE-2017-1000111

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111
Commits:
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)

CVE-2017-1000112

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112
Commits:
4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62)