[prev in list] [next in list] [prev in thread] [next in thread]
List: buildroot
Subject: Re: [Buildroot] [PATCH 1/3] package/libupnp18: security bump to version 1.14.0
From: Peter Korsgaard <peter () korsgaard ! com>
Date: 2020-08-31 20:59:52
Message-ID: 87zh6aa5vb.fsf () dell ! be ! 48ers ! dk
[Download RAW message or body]
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
Hi,
>> So we would end up with package/libupnp = 1.14.0? Sounds sensible.
> Yes ideally, we should have package/libupnp = 1.14.0. Would it be
> acceptable/reasonable to bump libupnp from 1.6.x to 1.14.x and remove
> libupnp18?
Yes. Both 1.6 and 1.18 are vulnerable, right? So if we want to fix the
CVE we need to do so.
> If this is acceptable, I'll send a v2 of this serie (with the drop of
> libupnp18 and the update of ushare/igd2-for-linux).
Thanks!
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic