package/libmicrohttpd: security bump to version 0.9.76
Fix CVE-2023-27371: GNU libmicrohttpd before 0.9.76 allows remote DoS
(Denial of Service) due to improper parsing of a multipart/form-data
boundary in the postprocessor.c MHD_create_post_processor() method. This
allows an attacker to remotely send a malicious HTTP POST packet that
includes one or more '\0' bytes in a multipart/form-data boundary field,
which - assuming a specific heap layout - will result in an
out-of-bounds read and a crash in the find_boundary() function.
https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b645ffda6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
Peter Korsgaard
parent
76b6da9d4f
commit
373b98b5a8
@ -1,3 +1,3 @@
|
|||||||
# Locally calculated
|
# Locally calculated
|
||||||
sha256 9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb libmicrohttpd-0.9.75.tar.gz
|
sha256 f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c libmicrohttpd-0.9.76.tar.gz
|
||||||
sha256 7399547209438c93f9b90297954698773d4846cea44cde5ca982c84c45952a3b COPYING
|
sha256 7399547209438c93f9b90297954698773d4846cea44cde5ca982c84c45952a3b COPYING
|
||||||
|
|||||||
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
LIBMICROHTTPD_VERSION = 0.9.75
|
LIBMICROHTTPD_VERSION = 0.9.76
|
||||||
LIBMICROHTTPD_SITE = $(BR2_GNU_MIRROR)/libmicrohttpd
|
LIBMICROHTTPD_SITE = $(BR2_GNU_MIRROR)/libmicrohttpd
|
||||||
LIBMICROHTTPD_LICENSE_FILES = COPYING
|
LIBMICROHTTPD_LICENSE_FILES = COPYING
|
||||||
LIBMICROHTTPD_CPE_ID_VENDOR = gnu
|
LIBMICROHTTPD_CPE_ID_VENDOR = gnu
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user