Dear all,
I've just released GNU libmicrohttpd 0.9.76 with just one small change
that fixes a security problem in the MHD_PostProcessor where malformed
inputs can be used to crash the server (for denial-of-service). While
the bug is not believed to be exploitable in other ways and only applies
for applications that use the (optional) MHD_PostProcessing logic, we of
course encourage everyone to upgrade.
Thanks to Gynvael Coldwind and Dejan Alvadzijevic for responsibly
disclosing the problem and even proposing a good solution.
You can download GNU libmicrohttpd 0.9.76 from:
* https://ftp.gnu.org/gnu/libmicrohttpd/ and all GNU FTP mirrors.
* Our git repository at https://git.gnunet.org/libmicrohttpd.git
Please report bugs to our bugtracker at
https://bugs.gnunet.org/set_project.php?project_id=10.
The documentation (including a reference manual and tutorial) can be
found at https://gnu.org/s/libmicrohttpd.
Happy hacking!
Christian
