[Buildroot] [git commit branch/2019.02.x] package/mongoose: security bump to version 6.17
Peter Korsgaard
peter at korsgaard.com
Wed Mar 11 21:26:55 UTC 2020
commit: https://git.buildroot.net/buildroot/commit/?id=d862f99818d7201fdaef58844f71b50388e18760
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.02.x
- Fix CVE-2019-19307: An integer overflow in parse_mqtt in mongoose.c in
Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS
(infinite loop), or possibly cause an out-of-bounds write, by sending
a crafted MQTT protocol packet.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit c18562a82a47fc8cc9cb3af92cdee7ddbffc8a76)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/mongoose/mongoose.hash | 4 ++--
package/mongoose/mongoose.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/mongoose/mongoose.hash b/package/mongoose/mongoose.hash
index d380131631..c5de11bec2 100644
--- a/package/mongoose/mongoose.hash
+++ b/package/mongoose/mongoose.hash
@@ -1,3 +1,3 @@
# Locally computed:
-sha256 1f20f2781862560ddf3203dfb0e6fcf248a68bf92aefbeafb9d2a629c4767c02 mongoose-6.16.tar.gz
-sha256 fdc34eeea97327d75c83492abd34f1a3200c53dec04422ecda8071dc60a36d10 LICENSE
+sha256 5bff3cc70bb2248cf87d06a3543f120f3b29b9368d25a7715443cb10612987cc mongoose-6.17.tar.gz
+sha256 fdc34eeea97327d75c83492abd34f1a3200c53dec04422ecda8071dc60a36d10 LICENSE
diff --git a/package/mongoose/mongoose.mk b/package/mongoose/mongoose.mk
index bb40de261e..7944f5e534 100644
--- a/package/mongoose/mongoose.mk
+++ b/package/mongoose/mongoose.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MONGOOSE_VERSION = 6.16
+MONGOOSE_VERSION = 6.17
MONGOOSE_SITE = $(call github,cesanta,mongoose,$(MONGOOSE_VERSION))
MONGOOSE_LICENSE = GPL-2.0
MONGOOSE_LICENSE_FILES = LICENSE
More information about the buildroot
mailing list