NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
99952c08a8
kumquat-buildroot/package/gupnp/gupnp.hash
Fabrice Fontaine 9ab4079a74 package/gupnp: security bump to version 1.2.6 
Fix CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and
1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web
server can exploit this vulnerability to trick a victim's browser into
triggering actions against local UPnP services implemented using this
library. Depending on the affected service, this could be used for data
exfiltration, data tempering, etc.

Replace patch by upstream commit as current patch doesn't apply cleanly

https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
https://gitlab.gnome.org/GNOME/gupnp/-/blob/gupnp-1.2.6/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 94a3b3f062)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-06-10 22:08:40 +02:00

6 lines
286 B
Plaintext
Raw Blame History

# Hash from: http://ftp.gnome.org/pub/gnome/sources/gupnp/1.2/gupnp-1.2.6.sha256sum:
sha256 00b20f1e478a72deac92c34723693a2ac55789ed1e4bb4eed99eb4d62092aafd gupnp-1.2.6.tar.xz
# Hash for license file:
sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
Reference in New Issue View Git Blame Copy Permalink