buildroot/package/gupnp
Fabrice Fontaine 94a3b3f062 package/gupnp: security bump to version 1.2.6
Fix CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and
1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web
server can exploit this vulnerability to trick a victim's browser into
triggering actions against local UPnP services implemented using this
library. Depending on the affected service, this could be used for data
exfiltration, data tempering, etc.

Replace patch by upstream commit as current patch doesn't apply cleanly

https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
https://gitlab.gnome.org/GNOME/gupnp/-/blob/gupnp-1.2.6/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 23:14:50 +02:00
..
0001-doc-Check-for-stylesheet-existence-on-doc-build.patch package/gupnp: security bump to version 1.2.6 2021-06-01 23:14:50 +02:00
Config.in
gupnp.hash package/gupnp: security bump to version 1.2.6 2021-06-01 23:14:50 +02:00
gupnp.mk package/gupnp: security bump to version 1.2.6 2021-06-01 23:14:50 +02:00