NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8bdb043d10
kumquat-buildroot/package/haserl/haserl.hash
Fabrice Fontaine ad1d416166 package/haserl: security bump to version 0.9.36 
2021-03-07	0.9.36
*	Fix sf.net issue #5 - its possible to issue a PUT request
	without a CONTENT-TYPE.   Assume an octet-stream in that case.
*	Change the Prefix for variables to be the REQUEST_METHOD
	(PUT/DELETE/GET/POST)
	**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
*	Mitigations vs running haserl to get access to files not
	available to the user.

- Fix CVE-2021-29133: Lack of verification in haserl, a component of
  Alpine Linux Configuration Framework, before 0.9.36 allows local users
  to read the contents of any file on the filesystem.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 661ce9aac9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-03 12:15:30 +02:00

6 lines
296 B
Plaintext
Raw Blame History

# From http://sourceforge.net/projects/haserl/files/haserl-devel/
md5 b94cd201a82b410b7f93fe3a31416cff haserl-0.9.36.tar.gz
sha1 a6244b496f06e1fea70581cb02c04bc1f0ffcbc3 haserl-0.9.36.tar.gz
# Locally computed
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
Reference in New Issue View Git Blame Copy Permalink