-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 26 Dec 2013 15:41:39 +0100 Source: libmicrohttpd Binary: libmicrohttpd10 libmicrohttpd-dbg libmicrohttpd-dev Architecture: source i386 Version: 0.9.20-1+deb7u1 Distribution: wheezy Urgency: medium Maintainer: Bertrand Marc <beberking@gmail.com> Changed-By: Bertrand Marc <beberking@gmail.com> Description: libmicrohttpd-dbg - library embedding HTTP server functionality (debug) libmicrohttpd-dev - library embedding HTTP server functionality (development) libmicrohttpd10 - library embedding HTTP server functionality Closes: 731933 Changes: libmicrohttpd (0.9.20-1+deb7u1) wheezy; urgency=medium . * Fix various security issues (closes: #731933): + out-of-bounds read in MHD_http_unescape(), patch picked upstream, CVE-2013-7038. + stack overflow in MHD_digest_auth_check(), patch picked upstream, CVE-2013-7039. + handle case that original allocation request was zero and fix theoretical overflow issue reported by Florian Weimer, patch picked upstream. Checksums-Sha1: 2ad3bcacca5a2ed2ed603fe791195b5871ad6624 2109 libmicrohttpd_0.9.20-1+deb7u1.dsc 34bd0638c4dcc5472fd31ab4bee645f69272491d 6287 libmicrohttpd_0.9.20-1+deb7u1.debian.tar.gz d39ad4b1081af3b7536f642227af80446e5a6f50 53944 libmicrohttpd10_0.9.20-1+deb7u1_i386.deb 3ff905db886529e2fe6c84276fb947929e3cafe5 93094 libmicrohttpd-dbg_0.9.20-1+deb7u1_i386.deb f82d6ea05e9839ae3a265f797cd0455b546536d5 154108 libmicrohttpd-dev_0.9.20-1+deb7u1_i386.deb Checksums-Sha256: d29b50599135c137b69a80006d497b421b77f17167f0ff47bcaae0426e8f1d54 2109 libmicrohttpd_0.9.20-1+deb7u1.dsc 932e2cc723f887142774b3ea2dc2a1a925d08d709c1df7da61abd4171c4e2032 6287 libmicrohttpd_0.9.20-1+deb7u1.debian.tar.gz c455f4bcd94b296191b1d6413d7b54f2cad78a48c0370b6b033ecfaa159e1fef 53944 libmicrohttpd10_0.9.20-1+deb7u1_i386.deb bb463feaa7ce7ad753215c33dfc9838925d8aa64080211208d625cd331a367aa 93094 libmicrohttpd-dbg_0.9.20-1+deb7u1_i386.deb 932c81efa084512994f9f1ecb9c7f6a53fc3a6edd3061c547f825d9b6f8ed913 154108 libmicrohttpd-dev_0.9.20-1+deb7u1_i386.deb Files: f99fbcad11e1011aa3d85edcddfb32fb 2109 libs optional libmicrohttpd_0.9.20-1+deb7u1.dsc 09d41fd786bf533c9cbb26e93e272556 6287 libs optional libmicrohttpd_0.9.20-1+deb7u1.debian.tar.gz 841399858bed85a98170da927d31d43a 53944 libs optional libmicrohttpd10_0.9.20-1+deb7u1_i386.deb e3ba52102cc66379fd1961eaf46412bf 93094 debug extra libmicrohttpd-dbg_0.9.20-1+deb7u1_i386.deb f8a44ee51e36f75349089fc67a7adcdd 154108 libdevel optional libmicrohttpd-dev_0.9.20-1+deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBUsSOmgkauFYGmqocAQgi9A//VdMJZlFbZO3cBWgv17RFWJ3kiso9LBi2 ++kSL2onBk0/37h1LCseNXfUl9Z1s5IP+I6tEL/PbYJjXQOTUoswIRQfM5//l5EC 8VEGQg+yeECSeig1njOVoutETLHJ0cmro0q3jawmks5MMYh1YG8fhI6py7e58x5j KFm4gbADfhHf69ei0hxVk3LxQM2LMkiuXvPzvtHnGZ30KTEWhAd9fzdoDSFeN8Uu DOYXs4A04dtQZdfKrIBop7RM96auXVn6sdhumA6p/go4IbcxAyjpg8q+LK+k+9CA AxmZuBer+Fmu0Rn0hkOq523667Bx91JCETXvHK3GJOqv+d2JoM2hjQSFqPKMAzqt k3WMVVTzXQSL4dh+oVaq/sMehadp21YglxhktWNJmX6PFYbKF7BRfOqlPOsoc2+e BDAq0HeR9MfJOwYW9mmQEZCjfIHX0erDmZW4Jz1A6uQK3c0DHzDJ6dDgg7mv1Grk dRFyMpwE2JfgnZeMzybDd33IG+Lptj8fXliKGhFUc2l3rwtBctsWXvXp4793KP+r crFj3P+lCEt2lfu4LzPnyhymInUwhTQ/YCxwndwLAv66fekv/p1Q8trEM3mJy8fc Eb60tbCZPEe+SCRB1vYg4aUFmC73Q1kLu8BocX/mRTb9qvVIJf3TX2WY7XbPYxOb raikhpsLXLc= =/kzo -----END PGP SIGNATURE-----