[Buildroot] [PATCH 1/3] package/libupnp18: security bump to version 1.14.0
Peter Korsgaard
peter at korsgaard.com
Mon Aug 31 20:12:16 UTC 2020
>>>>> "Arnout" == Arnout Vandecappelle <arnout at mind.be> writes:
> On 21/08/2020 22:41, Fabrice Fontaine wrote:
>> Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
> Again, although this bump indeed fixes those issues, it's a feature version
> bump so I'm not sure if it can be called "security bump".
> In addition, the libupnp18 package exists because of API incompatibility with
> 1.6. Are we sure that this problem doesn't repeat itself for 1.14?
And calling it libupnp18 when it is provides 1.14.x is quite confusing
:/
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list