Control: tags -1 + wheezy confirmed On Thu, 2013-12-26 at 16:27 +0100, Bertrand Marc wrote: > I would like to fix 2 security issues and another open issue in > libmicrohttpd, as stated in Debian bug #731933. In this bug, Moritz > Muehlenhoff suggests to go through stable proposed updates instead of a DSA. > > I prepared a new version and uploaded it to mentors [1] with the > following changes: > * Fix various security issues (closes: #731933): > + out-of-bounds read in MHD_http_unescape(), patch picked upstream, > CVE-2013-7038. > + stack overflow in MHD_digest_auth_check(), patch picked upstream, > CVE-2013-7039. > + handle case that original allocation request was zero and fix > theoretical > overflow issue reported by Florian Weimer, patch picked upstream.
Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
