The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.
Fixes CVE-2021-29462
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
# Locally computed:
-sha256 227ffa407be6b91d4e42abee1dd27e4b8d7e5ba8d3d45394cca4e1eadc65149a libupnp-1.14.5.tar.bz2
+sha256 3168f676352e2a6e45afd6ea063721ed674c99f555394903fbd23f7f54f0a503 libupnp-1.14.6.tar.bz2
sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING
#
################################################################################
-LIBUPNP_VERSION = 1.14.5
+LIBUPNP_VERSION = 1.14.6
LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
LIBUPNP_SITE = \
http://downloads.sourceforge.net/project/pupnp/release-$(LIBUPNP_VERSION)
projects / buildroot.git / commitdiff