[Buildroot] [PATCH 2/2] package/haserl: security bump to version 0.9.36
Peter Korsgaard
peter at korsgaard.com
Tue Mar 30 06:17:36 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> 2021-03-07 0.9.36
> * Fix sf.net issue #5 - it's possible to issue a PUT request
> without a CONTENT-TYPE. Assume an octet-stream in that case.
> * Change the Prefix for variables to be the REQUEST_METHOD
> (PUT/DELETE/GET/POST)
> **** THIS IS A BREAKING CHANGE vs 0.9.33 ****
> * Mitigations vs running haserl to get access to files not
> available to the user.
> - Fix CVE-2021-29133: Lack of verification in haserl, a component of
> Alpine Linux Configuration Framework, before 0.9.36 allows local users
> to read the contents of any file on the filesystem.
> - Update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard