Commits

Peter Korsgaard committed 6f971f354c1
ntfs-3g: add security fix for CVE-2017-0358 Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write NTFS driver for FUSE does not not scrub the environment before executing modprobe to load the fuse module. This influence the behavior of modprobe (MODPROBE_OPTIONS environment variable, --config and --dirname options) potentially allowing for local root privilege escalation if ntfs-3g is installed setuid. Notice that Buildroot does NOT install netfs-3g setuid root, but custom permission tables might be used, causing it to vulnerable to the above. ntfs-3g does not seem to have a publicly available version control system and no new releases have been made, so instead grab the patch from Debian. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>