Posted to commits@nuttx.apache.org by ag...@apache.org on 2020/12/09 16:21:45 UTC
[incubator-nuttx-website] branch master updated: Add release notes for 10.0.1 and 9.1.1
This is an automated email from the ASF dual-hosted git repository.
aguettouche pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-website.git
The following commit(s) were added to refs/heads/master by this push:
new 6e14342 Add release notes for 10.0.1 and 9.1.1
6e14342 is described below
commit 6e14342cc519d9525d20ca5c1a7b3ff1d98eae77
Author: Brennan Ashton <ba...@brennanashton.com>
AuthorDate: Wed Dec 9 07:42:26 2020 -0800
Add release notes for 10.0.1 and 9.1.1
---
_releases/10.0.1.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
_releases/9.1.1.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 122 insertions(+)
diff --git a/_releases/10.0.1.md b/_releases/10.0.1.md
new file mode 100644
index 0000000..c5cb7f1
--- /dev/null
+++ b/_releases/10.0.1.md
@@ -0,0 +1,61 @@
+---
+layout: page
+released: true
+apache: true
+title: 10.0.1
+date: 2020-12-08
+summary: >
+ Release v10.0.1
+
+artifact-root: "https://downloads.apache.org/incubator/nuttx/10.0.1"
+checksum-root: "https://downloads.apache.org/incubator/nuttx/10.0.1"
+key-file: "https://downloads.apache.org/incubator/nuttx/KEYS"
+
+source-os-dist: - "apache-nuttx-10.0.1-incubating.tar.gz" source-app-dist: -
+ "apache-nuttx-apps-10.0.1-incubating.tar.gz"
+
+---
+
+
+<!--
+{% comment %}
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to you under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+{% endcomment %}
+-->
+
+{% include JB/setup %}
+
+# Apache NuttX-10.0.1 Release Notes
+
+This is a security only patch release.
+
+## Security Issues Fixed In This Release
+Both of the security fixes in this release are part of a larger group of
+vulnerabilities known as AMNESIA:33 that were identified as impacting many IoT
+TCP/IP stacks.
+
+https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
+
+ * __CVE-2020-17528__ Out-Of-Bounds Write vulnerability in TCP stack
+ allows attacker to cause memory corruption by supplying arbitrary urgent
+ data pointer offsets within TCP packets including beyond the length of the
+ packet.
+
+ * __CVE-2020-17529__ Out-of-bounds Write vulnerability in TCP Stack
+ allows attacker to cause memory corruption by supplying and invalid
+ fragmentation offset value specified in the IP header. This is only impacts
+ builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY
+ configuration flags enabled.
\ No newline at end of file
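Review bot: The front matter line `source-os-dist: - "apache-nuttx-10.0.1-incubating.tar.gz" source-app-dist: -` carries both keys and the first list item on one line, with the apps tarball on an indented continuation line, so it does not define source-os-dist and source-app-dist as two separate lists. Put each key on its own line, followed by its own `- "…"` item on the next line, so that whatever the page layout builds from these keys gets one OS tarball and one apps tarball. The file also ends without a trailing newline; add one. _releases/9.1.1.md has the same front matter line.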
diff --git a/_releases/9.1.1.md b/_releases/9.1.1.md
new file mode 100644
index 0000000..82ee083
--- /dev/null
+++ b/_releases/9.1.1.md
@@ -0,0 +1,61 @@
+---
+layout: page
+released: true
+apache: true
+title: 9.1.1
+date: 2020-12-08
+summary: >
+ Release v9.1.1
+
+artifact-root: "https://downloads.apache.org/incubator/nuttx/9.1.1"
+checksum-root: "https://downloads.apache.org/incubator/nuttx/9.1.1"
+key-file: "https://downloads.apache.org/incubator/nuttx/KEYS"
+
+source-os-dist: - "apache-nuttx-9.1.1-incubating.tar.gz" source-app-dist: -
+ "apache-nuttx-apps-9.1.1-incubating.tar.gz"
+
+---
+
+
+<!--
+{% comment %}
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to you under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+{% endcomment %}
+-->
+
+{% include JB/setup %}
+
+# Apache NuttX-9.1.1 Release Notes
+
+This is a security only patch release.
+
+## Security Issues Fixed In This Release
+Both of the security fixes in this release are part of a larger group of
+vulnerabilities known as AMNESIA:33 that were identified as impacting many IoT
+TCP/IP stacks.
+
+https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
+
+ * __CVE-2020-17528__ Out-Of-Bounds Write vulnerability in TCP stack
+ allows attacker to cause memory corruption by supplying arbitrary urgent
+ data pointer offsets within TCP packets including beyond the length of the
+ packet.
+
+ * __CVE-2020-17529__ Out-of-bounds Write vulnerability in TCP Stack
+ allows attacker to cause memory corruption by supplying and invalid
+ fragmentation offset value specified in the IP header. This is only impacts
+ builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY
+ configuration flags enabled.
\ No newline at end of file
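Review bot: The CVE-2020-17529 entry has two wording errors: "supplying and invalid fragmentation offset value" should read "supplying an invalid fragmentation offset value", and "This is only impacts builds" should read "This only impacts builds". The CVE-2020-17528 entry gives no configuration scope while the CVE-2020-17529 entry names CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY; if the urgent data pointer issue applies to every build with TCP enabled, say so, so readers can tell whether they are exposed. The section heading uses "Out-Of-Bounds" in one entry and "Out-of-bounds" in the other, and "TCP stack" versus "TCP Stack"; pick one form. The identical text in _releases/10.0.1.md needs the same fixes.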