[Buildroot] [PATCH 1/1] package/mongoose: security bump to version 6.17

Peter Korsgaard peter at korsgaard.com
Thu Feb 13 17:09:05 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
 >   Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
 >   (infinite loop), or possibly cause an out-of-bounds write, by sending
 >   a crafted MQTT protocol packet.
 > - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list