projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9dad1ef)
package/mpv: security bump to version 0.33.1
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 27 May 2021 07:04:23 +0000 (09:04 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 27 May 2021 15:22:04 +0000 (17:22 +0200)
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.

https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/mpv/mpv.hash patch | blob | history
package/mpv/mpv.mk patch | blob | history

diff --git a/package/mpv/mpv.hash b/package/mpv/mpv.hash
index 548a0f0159e0b810cb84d182aeabe1e6d23d7687..0c7eb5f8a5adc429e270ff1d1ae0f736681c511e 100644 (file)
--- a/package/mpv/mpv.hash
+++ b/package/mpv/mpv.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  f1b9baf5dc2eeaf376597c28a6281facf6ed98ff3d567e3955c95bf2459520b4  mpv-0.33.0.tar.gz
+sha256  100a116b9f23bdcda3a596e9f26be3a69f166a4f1d00910d1789b6571c46f3a9  mpv-0.33.1.tar.gz
 sha256  a99d7b0625a0566271aad6de694e52eafd566db024f9516720d526c680d3ee30  LICENSE.GPL
diff --git a/package/mpv/mpv.mk b/package/mpv/mpv.mk
index ca3b8c878adf97c47283c45bd12d7d0250287f80..5713b98e8e05ab545739c8a909ece94820a6d1a4 100644 (file)
--- a/package/mpv/mpv.mk
+++ b/package/mpv/mpv.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPV_VERSION = 0.33.0
+MPV_VERSION = 0.33.1
 MPV_SITE = $(call github,mpv-player,mpv,v$(MPV_VERSION))
 MPV_DEPENDENCIES = \
        host-pkgconf ffmpeg libass zlib \