package/mongoose: security bump to version 6.16

Fixes the following security vulnerability:

CVE-2019-13503: mq_parse_http in mongoose.c in Mongoose 6.15
has a heap-based buffer over-read.

See https://github.com/cesanta/mongoose/releases/tag/6.16

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

diff --git a/package/mongoose/mongoose.hash b/package/mongoose/mongoose.hash
index 92f35a71139977dcc9f55c3a2b7a606980e33eca..d3801316314fd1d0e6220f75602520c28c498be4 100644 (file)
--- a/package/mongoose/mongoose.hash
+++ b/package/mongoose/mongoose.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 ed9b44690f9660d25562e45472d486c086bcc916bf49f39f22e0a90444d44454  mongoose-6.15.tar.gz
+sha256 1f20f2781862560ddf3203dfb0e6fcf248a68bf92aefbeafb9d2a629c4767c02  mongoose-6.16.tar.gz
 sha256 fdc34eeea97327d75c83492abd34f1a3200c53dec04422ecda8071dc60a36d10  LICENSE

diff --git a/package/mongoose/mongoose.mk b/package/mongoose/mongoose.mk
index c4a703d3cfb97afb50b3460171d7bb5275588f90..bb40de261e9b5be26098ea979a8efe8853b76bdd 100644 (file)
--- a/package/mongoose/mongoose.mk
+++ b/package/mongoose/mongoose.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MONGOOSE_VERSION = 6.15
+MONGOOSE_VERSION = 6.16
 MONGOOSE_SITE = $(call github,cesanta,mongoose,$(MONGOOSE_VERSION))
 MONGOOSE_LICENSE = GPL-2.0
 MONGOOSE_LICENSE_FILES = LICENSE