
Re: [libmicrohttpd] Regarding CVE-2021-3580

From: Christian Grothoff
Subject: Re: [libmicrohttpd] Regarding CVE-2021-3580
Date: Thu, 14 Jul 2022 18:55:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0

On 7/14/22 15:09, Mishra, Milind via libmicrohttpd wrote:

The project I work on uses This library in turn is dependent on

As per CVE-2021-3580 <> there was a security flaw in libnettle6 - 3.4.1-4.15.1 which was fixed in 3.4.1-4.18.1.

Have the fixes in version 3.4.1-4.18.1 incorporated any changes that might impact the working of

If you are statically linked against libnettle *and* have enabled RSA key transport in your TLS configuration, then you may need to re-link GNU libmicrohttpd. If you are dynamically linked, simply updating the dependency should be completely sufficient.

Note that GNU libmicrohttpd doesn't directly use GNU nettle; we only use it via GnuTLS.
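
The linkage distinction drawn in the reply above, as an added example that is not part of the original message or of libmicrohttpd: a shell function that reads `ldd` output and reports whether nettle is picked up as a shared library. The verdict names and the sample `ldd` lines are constructed for illustration; `libhogweed` is nettle's public-key companion library, and whether RSA key transport is enabled still has to be checked in the TLS configuration.

```shell
#!/bin/sh
# Added example. Reads `ldd` output on stdin and prints one verdict
# (verdict names are this example's own):
#   dynamic - shared libnettle/libhogweed is resolved at load time,
#             so updating the distribution package is sufficient
#   static  - the whole binary is static; re-link after updating nettle
#   review  - dynamic binary, but no shared nettle is listed; GnuTLS or
#             nettle may be linked in statically, inspect the build
classify_linkage() {
    awk '
        /not a dynamic executable|statically linked/ { fully_static = 1 }
        /libnettle\.so|libhogweed\.so/               { nettle = 1 }
        END {
            if (fully_static) print "static"
            else if (nettle)  print "dynamic"
            else              print "review"
        }'
}

# Constructed sample inputs (paths and addresses are made up).
SAMPLE_DYNAMIC='	libgnutls.so.30 => /usr/lib64/libgnutls.so.30 (0x00007f0000000000)
	libhogweed.so.4 => /usr/lib64/libhogweed.so.4 (0x00007f0000100000)
	libnettle.so.6 => /usr/lib64/libnettle.so.6 (0x00007f0000200000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000300000)'

SAMPLE_STATIC='	not a dynamic executable'

SAMPLE_REVIEW='	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0000000000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000100000)'

for sample in "$SAMPLE_DYNAMIC" "$SAMPLE_STATIC" "$SAMPLE_REVIEW"; do
    printf '%s\n' "$sample" | classify_linkage
done

# Real use (the path is a placeholder for your own binary or library):
#   ldd /path/to/your/binary 2>&1 | classify_linkage
```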
