[Buildroot] [PATCH 1/1] package/minidlna: fix CallStranger a.k.a. CVE-2020-12675
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Sep 6 12:38:25 UTC 2020
On Sun, 6 Sep 2020 12:09:38 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> No MINIDLNA_IGNORE_CVES entry is added as no CVE has been assigned to
> minidlna. Indeed, CallStranger vulnerability affect(ed) most of the UPnP
> stacks (e.g. gupnp, libupnp)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> ...x-CallStranger-a.k.a.-CVE-2020-12695.patch | 133 ++++++++++++++++++
> 1 file changed, 133 insertions(+)
> create mode 100644 package/minidlna/0002-upnphttp.c-fix-CallStranger-a.k.a.-CVE-2020-12695.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list