NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libupnp: security bump to version 1.14.6

Browse Source 
The server part of pupnp (libupnp) appears to be vulnerable to DNS-rebinding
attacks because it does not check the value of the `Host` header.

Fixes CVE-2021-29462

https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Jörg Krause 2021-04-22 07:29:22 +00:00 committed by Thomas Petazzoni
parent adea5b316e
commit 0f23267bc2
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/libupnp/libupnp.hash
View File

@ -1,3 +1,3 @@
# Locally computed:
sha256 227ffa407be6b91d4e42abee1dd27e4b8d7e5ba8d3d45394cca4e1eadc65149a libupnp-1.14.5.tar.bz2
sha256 3168f676352e2a6e45afd6ea063721ed674c99f555394903fbd23f7f54f0a503 libupnp-1.14.6.tar.bz2
sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING

2
package/libupnp/libupnp.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBUPNP_VERSION = 1.14.5
LIBUPNP_VERSION = 1.14.6
LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
LIBUPNP_SITE = \
http://downloads.sourceforge.net/project/pupnp/release-$(LIBUPNP_VERSION)