Package: libmicrohttpd / 0.9.20-1+deb7u1
Metadata
Package | Version | Patches format |
---|---|---|
libmicrohttpd | 0.9.20-1+deb7u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01 manpage.patch | (download) |
doc/libmicrohttpd.3 |
2 1 + 1 - 0 ! |
fixing bad what-is entry. |
CVE 2013 7038.diff | (download) |
src/daemon/internal.c |
6 6 + 0 - 0 ! |
an out-of-bounds memory read flaw was found in the MHD_http_unescape() function in libmicrohttpd. This could possibly lead to information disclosure or allow a remote attacker to cause an application using libmicrohttpd to crash. |
CVE 2013 7039.diff | (download) |
src/daemon/digestauth.c |
12 11 + 1 - 0 ! |
a stack overflow flaw was found in the mhd_digest_auth_check() function in libmicrohttpd. If MHD_OPTION_CONNECTION_MEMORY_LIMIT was configured to allow large allocations, a remote attacker could possibly use this flaw to cause an application using libmicrohttpd to crash or, potentially, execute arbitrary code with the privileges of the user running the application. |
allocation_request_was_zero.diff | (download) |
src/daemon/memorypool.c |
36 21 + 15 - 0 ! |
handle case that original allocation request was zero and fix theoretical overflow issue reported by Florian Weimer. |
1