Bug#733158: pu: package libmicrohttpd/0.9.20-1
Control: tags -1 + wheezy confirmed
On Thu, 2013-12-26 at 16:27 +0100, Bertrand Marc wrote:
> I would like to fix 2 security issues and another open issue in
> libmicrohttpd, as stated in Debian bug #731933. In this bug, Moritz
> Muehlenhoff suggests to go through stable proposed updates instead of a DSA.
>
> I prepared a new version and uploaded it to mentors [1] with the
> following changes:
> * Fix various security issues (closes: #731933):
>   + out-of-bounds read in MHD_http_unescape(), patch picked upstream,
>     CVE-2013-7038.
>   + stack overflow in MHD_digest_auth_check(), patch picked upstream,
>     CVE-2013-7039.
>   + handle case that original allocation request was zero and fix
>     theoretical overflow issue reported by Florian Weimer, patch picked
>     upstream.
Please go ahead; thanks.
Regards,
Adam