[Buildroot] [PATCH 1/2] lighttpd: security bump to version 1.14.51

Peter Korsgaard peter at korsgaard.com
Tue Nov 13 23:11:47 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > 1.4.50:
 > [mod_alias] security: potential path traversal with specific configs
 > [core] security: use-after-free invalid Range req
 > [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
 > [core] security: use-after-free after invalid Range request (fixes #2899)

 > 1.4.51:
 > [core,security] process headers after combining folded headers
 > [mod_userdir] security: skip username “.” and “..”

 > 1.4.51 brings optional pam and wolfssl support.  Explicitly disable these
 > options for now.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x and 2018.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list