package/mongoose: security bump to version 7.1
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Tue, 16 Feb 2021 08:07:55 +0000 (09:07 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 16 Feb 2021 19:41:18 +0000 (20:41 +0100)
commitbaef15dffa7aa9516491e1d24f7e073726745077
tree5bd148f75e7b496ba3500bf4d4a3a0b6b4855488
parente2707dd43ec537e9d15c69191fb4bc86474900ba
package/mongoose: security bump to version 7.1

- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta
  Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via
  connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS
  server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
  to remote OOB write attack via connection request after exhausting
  memory pool.
- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS
  server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB
  write attack via connection request after exhausting memory pool.

https://github.com/cesanta/mongoose/releases/tag/7.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/mongoose/mongoose.hash
package/mongoose/mongoose.mk