projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 52cec04)
mpv: security bump to 0.27.2
authorMahyar Koshkouei <mahyar.koshkouei@gmail.com>
Mon, 26 Feb 2018 15:41:12 +0000 (15:41 +0000)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 27 Feb 2018 20:05:00 +0000 (21:05 +0100)
Fixes CVE-2018-6360: mpv through 0.28.0 allows remote attackers to execute
arbitrary code via a crafted web site, because it reads HTML documents
containing VIDEO elements, and accepts arbitrary URLs in a src attribute
without a protocol whitelist.

[Peter: Add CVE description]
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/mpv/mpv.hash patch | blob | history
package/mpv/mpv.mk patch | blob | history

diff --git a/package/mpv/mpv.hash b/package/mpv/mpv.hash
index 60fb84335e0f2d1ef380dbce4132ba90df04f2b8..1dac3a49406e2ae6c0b67093df3c67e2b679e44b 100644 (file)
--- a/package/mpv/mpv.hash
+++ b/package/mpv/mpv.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 341d8bf18b75c1f78d5b681480b5b7f5c8b87d97a0d4f53a5648ede9c219a49c v0.27.0.tar.gz
+sha256 2ad104d83fd3b2b9457716615acad57e479fd1537b8fc5e37bfe9065359b50be v0.27.2.tar.gz
diff --git a/package/mpv/mpv.mk b/package/mpv/mpv.mk
index d577674bd97ce272db5c1b9aa7d1d6da4e81f626..f38a6b916f7fdbe826a611b8ad8f7ae34d2868b4 100644 (file)
--- a/package/mpv/mpv.mk
+++ b/package/mpv/mpv.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPV_VERSION = 0.27.0
+MPV_VERSION = 0.27.2
 MPV_SITE = https://github.com/mpv-player/mpv/archive
 MPV_SOURCE = v$(MPV_VERSION).tar.gz
 MPV_DEPENDENCIES = \