CVE-2022-34037: An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Patch is in 2.5.2, please stabilize.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df84b88736016351b212c09fbb42442105a52cef commit df84b88736016351b212c09fbb42442105a52cef Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-07-23 00:53:34 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-07-23 00:53:38 +0000 www-servers/caddy: stabilize 2.5.2 for amd64 Bug: https://bugs.gentoo.org/860147 Signed-off-by: Zac Medico <zmedico@gentoo.org> www-servers/caddy/caddy-2.5.2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks! Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d86a17decd7d3272645e867394d807b29c2466da commit d86a17decd7d3272645e867394d807b29c2466da Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-07-22 17:54:07 -0700 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-07-22 17:54:18 -0700 www-servers/caddy: drop 2.5.1 Bug: https://bugs.gentoo.org/86014 Signed-off-by: Zac Medico <zmedico@gentoo.org> www-servers/caddy/Manifest | 2 -- www-servers/caddy/caddy-2.5.1.ebuild | 45 --------------------------------------------- 2 files changed, 47 deletions(-)
