projects / feed / routing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 967dde5) | patch
opennds: Release v10.1.2
authorRob White <rob@blue-wave.net>
Sat, 29 Jul 2023 18:26:10 +0000 (19:26 +0100)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Mon, 31 Jul 2023 05:46:50 +0000 (07:46 +0200)
commit3eb9aa30566eb34608e6aacc55157dad46550a6a
treeb75888307d3a6fc66656ab6829ec7229dac3658btree | snapshot
parent967dde509b90c2166773ec672b2e8e8b81b6288acommit | diff
opennds: Release v10.1.2

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.2)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes
  * Fix - Generate unique sha256 faskey if not set in config - CVE-2023-38324 [bluewavenet]
  * Fix - NULL pointer dereference if user_agent is NULL - CVE-2023-38320, CVE-2023-38322 [bluewavenet]
  * Fix - NULL pointer dereference if authdir is called with an incomplete or missing query string - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315 [bluewavenet]
  * Fix - remove deprecated and non-functioning unescape callback - CVE-2023-38316 [bluewavenet]
  * Fix - prevent potential recursive dependency and detect if conflicting package is installed [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>
opennds/Makefile diff | blob | history
Mirror of routing feed