git.libre-soc.org Git - buildroot.git/commit

author	Pierre-Jean Texier <texier.pj2@gmail.com>
	Sun, 14 Mar 2021 16:01:48 +0000 (17:01 +0100)
committer	Yann E. MORIN <yann.morin.1998@free.fr>
	Sun, 14 Mar 2021 16:29:44 +0000 (17:29 +0100)
commit	20a0f60a2c8b6b94915823478a6182277e979c47
tree	26af3ececbdc106c6f9dd94f2630c8e5a9702f77	tree
parent	c98df6fe0c7a964435787849d62e3e9be74f0df6	commit \| diff

package/mongoose: security bump to version 7.2

- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  (compiled with OpenSSL support) is vulnerable to remote OOB write attack via
  connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write
  attack via connection request after exhausting memory pool.
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta Mongoose HTTP server
  7.0 is vulnerable to remote OOB write attack via connection request after exhausting
  memory pool.

See https://github.com/cesanta/mongoose/releases/tag/7.2

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mongoose/mongoose.hash		diff \| blob \| history
package/mongoose/mongoose.mk		diff \| blob \| history