Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951)

Dear Turris users,

Today in the OpenWrt developer mailing list, there was published Security Advisory for CVE-2020-28951 in libuci.

We would like to ensure our users that this issue was already fixed since Turris OS 5.1.3 release. It was released on 5th November 2020. If you are using an older version of Turris OS 5.x, we suggest updating to the latest version, which is currently Turris OS 5.1.4 as soon as possible.

There is going to be Turris OS 3.11.x release soon which addresses this issue as it is impacted by this issue.