[Buildroot] [PATCH 1/2] package/nghttp2: security bump to version 1.39.2

Peter Korsgaard peter at korsgaard.com
Wed Sep 25 17:58:14 UTC 2019

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2019-9511: Data Dribble
 > CVE-2019-9513: Resource Loop

 > For details, see the advisory:
 > https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

 > Notice that libnghttp2 itself is not affected by these vulnerabilities, only
 > nghttpx and nghttpd (which are currently not built).

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list