[Buildroot] [PATCH v1] package/libfcgi: bump to 2.4.5 to fix CVE-2025-23016
Arnout Vandecappelle
arnout at rnout.be
Fri May 2 10:22:34 UTC 2025
On 14/04/2025 23:24, Thomas Devoogdt wrote:
> From: Thomas Devoogdt <thomas.devoogdt at barco.com>
>
> Announcement:
> - https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5
>
> See:
> - https://nvd.nist.gov/vuln/detail/CVE-2025-23016
> - https://github.com/advisories/GHSA-9825-56cx-cfg6
> - https://github.com/FastCGI-Archives/fcgi2/issues/67
>
> Signed-off-by: Thomas Devoogdt <thomas.devoogdt at barco.com>
Applied to 2025.02.x, thanks.
Regards,
Arnout
> ---
> package/libfcgi/libfcgi.hash | 2 +-
> package/libfcgi/libfcgi.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/libfcgi/libfcgi.hash b/package/libfcgi/libfcgi.hash
> index ca660c6ebd..371dba8939 100644
> --- a/package/libfcgi/libfcgi.hash
> +++ b/package/libfcgi/libfcgi.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 c0e0d9cc7d1e456d7278c974e2826f593ef5ca555783eba81e7e9c1a07ae0ecc libfcgi-2.4.4.tar.gz
> +sha256 92b0111a98d8636e06c128444a3d4d7a720bdd54e6ee4dd0c7b67775b1b0abff libfcgi-2.4.5.tar.gz
> sha256 f0a8fe4513a43e8eebb24cdcf9d2e7efc52e4d8259178c6d76d3d84418397d81 LICENSE
> diff --git a/package/libfcgi/libfcgi.mk b/package/libfcgi/libfcgi.mk
> index 3c90b30e39..2348af843b 100644
> --- a/package/libfcgi/libfcgi.mk
> +++ b/package/libfcgi/libfcgi.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBFCGI_VERSION = 2.4.4
> +LIBFCGI_VERSION = 2.4.5
> LIBFCGI_SITE = $(call github,FastCGI-Archives,fcgi2,$(LIBFCGI_VERSION))
> LIBFCGI_LICENSE = OML
> LIBFCGI_LICENSE_FILES = LICENSE
More information about the buildroot
mailing list