Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / buildroot / buildroot / c0201c74b6821030cb1cd4260b5ef69c6fc0ac33
commitc0201c74b6821030cb1cd4260b5ef69c6fc0ac33[log] [tgz]
authorPeter Korsgaard <peter@korsgaard.com>Thu Sep 12 21:43:53 2019 +0200
committerJan Kundrát <jan.kundrat@cesnet.cz>Thu Oct 10 17:11:50 2019 +0200
treea68408f74f066be52b9f1dedb483e439ff60d97e
parentbaf130146af06d9f21333169b6dafe76a79e7b4d [diff]
package/nghttp2: security bump to version 1.39.2

Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2 files changed
tree: a68408f74f066be52b9f1dedb483e439ff60d97e
  1. .defconfig
  2. .flake8
  3. .gitignore
  4. .gitlab-ci.yml
  5. .gitlab-ci.yml.in
  6. CHANGES
  7. COPYING
  8. Config.in
  9. Config.in.legacy
  10. DEVELOPERS
  11. Makefile
  12. Makefile.legacy
  13. README
  14. arch/
  15. board/
  16. boot/
  17. configs/
  18. docs/
  19. fs/
  20. linux/
  21. package/
  22. support/
  23. system/
  24. toolchain/
  25. utils/