[Buildroot] [PATCH 1/1] package/libupnp: security bump to version 1.14.6

Peter Korsgaard peter at korsgaard.com
Mon Apr 26 18:58:48 UTC 2021


>>>>> "Jörg" == Jörg Krause <joerg.krause at embedded.rocks> writes:

 > The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
 > attacks because it does not check the value of the `Host` header.

 > Fixes CVE-2021-29462

 > https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

 > Signed-off-by: Jörg Krause <joerg.krause at embedded.rocks>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list