From 0cca0248f030ea32bd8de778b5a2782e0d191978 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 9 Oct 2015 13:16:44 +0200 Subject: [PATCH] Update miniupnpc to 1.9.20151008 This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery. http://talosintel.com/reports/TALOS-2015-0035/ The commit fixing the vulnerability is: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 Reported by timothy on IRC. --- depends/packages/miniupnpc.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/depends/packages/miniupnpc.mk b/depends/packages/miniupnpc.mk index ee1ee2f4b8e..77bae10c793 100644 --- a/depends/packages/miniupnpc.mk +++ b/depends/packages/miniupnpc.mk @@ -1,8 +1,8 @@ package=miniupnpc -$(package)_version=1.9.20150730 +$(package)_version=1.9.20151008 $(package)_download_path=http://miniupnp.free.fr/files $(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=1d64fab1fd3b4c8545139341ba197f19329a863f4f21b578fc2a228ab586a604 +$(package)_sha256_hash=e444ac3b587ce82709c4d0cfca1fe71f44f9fc433e9f946b12b9e1bfe667a633 define $(package)_set_vars $(package)_build_opts=CC="$($(package)_cc)"