[Buildroot] [PATCH 2/2] package/haserl: security bump to version 0.9.36

Peter Korsgaard peter at korsgaard.com
Tue Mar 30 06:17:36 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > 2021-03-07	0.9.36
 > *	Fix sf.net issue #5 - it's possible to issue a PUT request
 > 	without a CONTENT-TYPE.   Assume an octet-stream in that case.
 > *	Change the Prefix for variables to be the REQUEST_METHOD
 > 	(PUT/DELETE/GET/POST)
 > 	**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
 > *	Mitigations vs running haserl to get access to files not
 > 	available to the user.

 > - Fix CVE-2021-29133: Lack of verification in haserl, a component of
 >   Alpine Linux Configuration Framework, before 0.9.36 allows local users
 >   to read the contents of any file on the filesystem.
 > - Update indentation in hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


