[Buildroot] [PATCH 1/2] package/nghttp2: security bump to version 1.39.2
Peter Korsgaard
peter at korsgaard.com
Wed Sep 25 17:58:14 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2019-9511: Data Dribble
> CVE-2019-9513: Resource Loop
> For details, see the advisory:
> https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
> Notice that libnghttp2 itself is not affected by these vulnerabilities, only
> nghttpx and nghttpd (which are currently not built).
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list