diff options
| author | Henrich Hartzer <henrichhartzer@tuta.io> | 2022-11-07 20:17:19 +0100 |
|---|---|---|
| committer | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2022-11-08 17:31:41 +0100 |
| commit | 1de880e0f6277e22d81d68cba532656dc58b207a (patch) | |
| tree | dcdb4a449ec2c2ff5f38ec60667333919e5822b9 /sysutils/vcp/files/patch-log.c | |
| parent | security/vuxml: register darkhttpd DoS vulnerability (diff) | |
www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)
ChangeLog: https://github.com/emikulic/darkhttpd/releases/tag/v1.14
* Add support for logging with syslog.
* Fix hung connection from consecutive keep-alive requests.
* Fix high CPU usage when timeout is disabled.
* Add --forward-https.
* Make header parsing case insensitive, to work behind an HTTP2 reverse proxy.
* Add trailing slash to links for directories.
* Fix crash when a file has a large (year 10,000+) mtime.
A flaw was found in darkhttpd. Invalid error handling allows remote attackers
to cause denial-of-service by accessing a file with a large modification date.
The highest threat from this vulnerability is to system availability.
PR: 267507
Reported by: henrichhartzer@tuta.io
MFH: 2022Q4 (security update)
Security: CVE-2020-25691
Diffstat (limited to 'sysutils/vcp/files/patch-log.c')
0 files changed, 0 insertions, 0 deletions