[Buildroot] [PATCH 1/1] package/libupnp: security bump to version 1.14.6
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri Apr 23 21:21:34 UTC 2021
On Thu, 22 Apr 2021 07:29:22 +0000
Jörg Krause <joerg.krause at embedded.rocks> wrote:
> The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
> attacks because it does not check the value of the `Host` header.
>
> Fixes CVE-2021-29462
>
> https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
>
> Signed-off-by: Jörg Krause <joerg.krause at embedded.rocks>
> ---
> package/libupnp/libupnp.hash | 2 +-
> package/libupnp/libupnp.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list