[Buildroot] [PATCH v2, 2/2] package/thrift: security bump to version 0.14.1
Peter Korsgaard
peter at korsgaard.com
Thu Jul 15 06:49:24 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2020-13949: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC
> clients could send short messages which would result in a large memory
> allocation, potentially leading to denial of service.
> - Disable javascript and nodejs which have been added with
> https://github.com/apache/thrift/commit/61d502075bf5da10331c201f604acdfefc4d5edc
> - Update hash of LICENSE, license for windows-specific files added:
> https://github.com/apache/thrift/commit/98854c48744f20b3f551817273ed502835477f09
> https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list