[Buildroot] [PATCH 1/3] package/libupnp18: security bump to version 1.14.0
Peter Korsgaard
peter at korsgaard.com
Mon Aug 31 20:59:52 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
Hi,
>> So we would end up with package/libupnp = 1.14.0? Sounds sensible.
> Yes ideally, we should have package/libupnp = 1.14.0. Would it be
> acceptable/reasonable to bump libupnp from 1.6.x to 1.14.x and remove
> libupnp18?
Yes. Both 1.6 and 1.18 are vulnerable, right? So if we want to fix the
CVE we need to do so.
> If this is acceptable, I'll send a v2 of this serie (with the drop of
> libupnp18 and the update of ushare/igd2-for-linux).
Thanks!
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list