|
From: | Christian Grothoff |
Subject: | [libmicrohttpd] GNU libmicrohttpd 0.9.76 released |
Date: | Mon, 27 Feb 2023 20:18:21 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 |
Dear all,I've just released GNU libmicrohttpd 0.9.76 with just one small change that fixes a security problem in the MHD_PostProcessor where malformed inputs can be used to crash the server (for denial-of-service). While the bug is not believed to be exploitable in other ways and only applies for applications that use the (optional) MHD_PostProcessing logic, we of course encourage everyone to upgrade.
Thanks to Gynvael Coldwind and Dejan Alvadzijevic for responsibly disclosing the problem and even proposing a good solution.
You can download GNU libmicrohttpd 0.9.76 from: * https://ftp.gnu.org/gnu/libmicrohttpd/ and all GNU FTP mirrors. * Our git repository at https://git.gnunet.org/libmicrohttpd.git Please report bugs to our bugtracker at https://bugs.gnunet.org/set_project.php?project_id=10. The documentation (including a reference manual and tutorial) can be found at https://gnu.org/s/libmicrohttpd. Happy hacking! Christian
[Prev in Thread] | Current Thread | [Next in Thread] |