[Buildroot] [PATCH] package/mongoose: security bump to version 7.2
Peter Korsgaard
peter at korsgaard.com
Sat Mar 20 19:12:34 UTC 2021
>>>>> "Pierre-Jean" == Pierre-Jean Texier <texier.pj2 at gmail.com> writes:
> - Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
> (compiled with OpenSSL support) is vulnerable to remote OOB write attack via
> connection request after exhausting memory pool.
> - Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
> and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write
> attack via connection request after exhausting memory pool.
> - Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta Mongoose HTTP server
> 7.0 is vulnerable to remote OOB write attack via connection request after exhausting
> memory pool.
> See https://github.com/cesanta/mongoose/releases/tag/7.2
Committed to 2021.02.x, thanks.
2020.02.x / 2020.11.x use 6.x, but without mbedtls, so they are not
affected.
--
Bye, Peter Korsgaard