[Buildroot] [PATCH 2/3] package/mongoose: security bump to version 7.1
Peter Korsgaard
peter at korsgaard.com
Tue Feb 16 19:40:55 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta
> Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via
> connection request after exhausting memory pool.
> - Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS
> server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
> to remote OOB write attack via connection request after exhausting
> memory pool.
> - Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS
> server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB
> write attack via connection request after exhausting memory pool.
> https://github.com/cesanta/mongoose/releases/tag/7.1
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list