Summary: | <net-libs/libmicrohttpd-0.9.76: DoS via multipart form mishandling | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | k2k, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/0xhebi/CVEs/blob/main/GNU%20Libmicrohttpd/CVE-2023-27371.md | ||
See Also: | https://github.com/gentoo/gentoo/pull/32355 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 907351 | ||
Bug Blocks: |
Description
John Helmert III
2023-04-29 20:45:35 UTC
The only change between 0.9.75 and 0.9.76 is this patch, backported from git master on top of 0.9.75 version. https://git.gnunet.org/libmicrohttpd.git/commit/?h=v0.9.76&id=e0754d1638c602382384f1eface30854b1defeec Thanks! Please stabilize when ready then. Version 0.9.76 was stabilized. Thanks! Please remember to make stablereqs block the security bugs they fix. Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0283f56f6d4894e8fac7201f498a1074c5e1652 commit c0283f56f6d4894e8fac7201f498a1074c5e1652 Author: Karlson2k (Evgeny Grin) <k2k@narod.ru> AuthorDate: 2023-08-17 08:19:18 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2023-08-25 17:00:00 +0000 net-libs/libmicrohttpd: drop 0.9.75 This version has vulnerability. Bug: https://bugs.gentoo.org/905326 Signed-off-by: Karlson2k (Evgeny Grin) <k2k@narod.ru> Closes: https://github.com/gentoo/gentoo/pull/32355 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> net-libs/libmicrohttpd/Manifest | 1 - net-libs/libmicrohttpd/libmicrohttpd-0.9.75.ebuild | 96 ---------------------- 2 files changed, 97 deletions(-) GLSA vote: no. |