
Bug#733158: pu: package libmicrohttpd/0.9.20-1



Control: tags -1 + wheezy confirmed

On Thu, 2013-12-26 at 16:27 +0100, Bertrand Marc wrote:
> I would like to fix 2 security issues and another open issue in
> libmicrohttpd, as stated in Debian bug #731933. In this bug, Moritz
> Muehlenhoff suggests going through stable proposed updates instead of a DSA.
> 
> I prepared a new version and uploaded it to mentors [1] with the
> following changes:
>   * Fix various security issues (closes: #731933):
>     + out-of-bounds read in MHD_http_unescape(), patch picked upstream,
>     CVE-2013-7038.
>     + stack overflow in MHD_digest_auth_check(), patch picked upstream,
>     CVE-2013-7039.
>     + handle case that original allocation request was zero and fix
>     theoretical overflow issue reported by Florian Weimer, patch picked
>     upstream.

Please go ahead; thanks.

Regards,

Adam

