projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 436679d) | patch
package/mongoose: security bump to version 6.17
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 12 Feb 2020 21:21:34 +0000 (22:21 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 13 Feb 2020 17:08:21 +0000 (18:08 +0100)
commitc18562a82a47fc8cc9cb3af92cdee7ddbffc8a76
tree1297ec5f57bf829ebd02e571f4843e815cae9d90tree
parent436679d954924cbf64fcd09c5d6d5d2c7e3eef95commit | diff
package/mongoose: security bump to version 6.17

- Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
  Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
  (infinite loop), or possibly cause an out-of-bounds write, by sending
  a crafted MQTT protocol packet.
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/mongoose/mongoose.hash diff | blob | history
package/mongoose/mongoose.mk diff | blob | history