Package: libmicrohttpd / 0.9.20-1+deb7u1

Metadata

Package Version Patches format
libmicrohttpd 0.9.20-1+deb7u1 3.0 (quilt)

Patch series

Patch File delta Description
01 manpage.patch

doc/libmicrohttpd.3 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 Fixing bad what-is entry.

CVE 2013 7038.diff

src/daemon/internal.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 An out-of-bounds memory read flaw was found in the
 MHD_http_unescape() function in libmicrohttpd. This could possibly lead to
 information disclosure or allow a remote attacker to cause an application
 using libmicrohttpd to crash.

CVE 2013 7039.diff

src/daemon/digestauth.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 A stack overflow flaw was found in the mhd_digest_auth_check()
 function in libmicrohttpd. If MHD_OPTION_CONNECTION_MEMORY_LIMIT was
 configured to allow large allocations, a remote attacker could possibly use
 this flaw to cause an application using libmicrohttpd to crash or,
 potentially, execute arbitrary code with the privileges of the user running
 the application.

allocation_request_was_zero.diff

src/daemon/memorypool.c | 36 21 + 15 - 0 !
1 file changed, 21 insertions(+), 15 deletions(-)

 Handle case that original allocation request was zero and fix
 theoretical overflow issue reported by Florian Weimer.