[Buildroot] [PATCH 1/2] package/nghttp2: security bump to version 1.39.2

Thomas Petazzoni thomas.petazzoni at bootlin.com
Fri Sep 13 20:33:52 UTC 2019


On Thu, 12 Sep 2019 21:43:53 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:

> Fixes the following security issues:
> 
> CVE-2019-9511: Data Dribble
> CVE-2019-9513: Resource Loop
> 
> For details, see the advisory:
> https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
> 
> Notice that libnghttp2 itself is not affected by these vulnerabilities, only
> nghttpx and nghttpd (which are currently not built).
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  package/nghttp2/nghttp2.hash | 2 +-
>  package/nghttp2/nghttp2.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Both applied to master. Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



More information about the buildroot mailing list