[Buildroot] [PATCH v2, 2/2] package/thrift: security bump to version 0.14.1

Peter Korsgaard peter at korsgaard.com
Thu Jul 15 06:49:24 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2020-13949: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC
 > clients could send short messages which would result in a large memory
 > allocation, potentially leading to denial of service.

 > - Disable javascript and nodejs which have been added with
 >   https://github.com/apache/thrift/commit/61d502075bf5da10331c201f604acdfefc4d5edc
 > - Update hash of LICENSE, license for windows-specific files added:
 >   https://github.com/apache/thrift/commit/98854c48744f20b3f551817273ed502835477f09

 > https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x and 2021.05.x, thanks.

-- 
Bye, Peter Korsgaard


