[Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID

Thomas Petazzoni thomas.petazzoni at bootlin.com
Mon Jan 11 20:54:54 UTC 2021


On Mon, 11 Jan 2021 21:41:34 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> I sent a patch serie in September to bump libupnp to the latest version:
> https://patchwork.ozlabs.org/project/buildroot/list/?series=198748
> 
> I think it should be reviewed and applied especially because libupnp
> 1.6 and 1.8 are old and vulnerable to Call Stranger.

Ah right. I was also surprised when I saw libupnp/libupnp18, as I
remember seeing patches that were finally resolving this annoyance. But
seems like indeed those patches have not yet been reviewed/applied. We
should get to that, I guess!

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list