projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: adea5b3) | patch
package/libupnp: security bump to version 1.14.6
authorJörg Krause <joerg.krause@embedded.rocks>
Thu, 22 Apr 2021 07:29:22 +0000 (07:29 +0000)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Fri, 23 Apr 2021 21:21:19 +0000 (23:21 +0200)
commit0f23267bc21e6b60d044226e55cb6ee87bc729db
treed6d197b0b15668db51481d5b0582c0f3830c53e7tree
parentadea5b316e27ae7d7e6ec09fa33a204754cc4de6commit | diff
package/libupnp: security bump to version 1.14.6

The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.

Fixes CVE-2021-29462

https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libupnp/libupnp.hash diff | blob | history
package/libupnp/libupnp.mk diff | blob | history