[Buildroot] [PATCH] package/hostapd: add upstream 2020-1 security patches
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Aug 24 20:39:03 UTC 2020
On Mon, 24 Aug 2020 12:46:15 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes the following security vulnerabilities:
>
> CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
> 2020-04-17 does not forbid the acceptance of a subscription request with a
> delivery URL on a different network segment than the fully qualified
> event-subscription URL, aka the CallStranger issue.
>
> For details, see the advisory:
> https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/hostapd/hostapd.hash | 3 +++
> package/hostapd/hostapd.mk | 7 +++++++
> 2 files changed, 10 insertions(+)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list