[Buildroot] [PATCH 1/1] package/libupnp: security bump to version 1.14.6
Peter Korsgaard
peter at korsgaard.com
Mon Apr 26 18:58:48 UTC 2021
>>>>> "Jörg" == Jörg Krause <joerg.krause at embedded.rocks> writes:
> The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
> attacks because it does not check the value of the `Host` header.
> Fixes CVE-2021-29462
> https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
> Signed-off-by: Jörg Krause <joerg.krause at embedded.rocks>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list