Security update for civetweb
civetweb was updated to:
- do not load libcrypto/libssl dynamically, just link against them (bsc#1199047)
Version 1.15
* New configuration for URL decoding
* CVE-2020-27304: Sanitize filenames in handle form (bsc#1191938)
* Example “embedded_c.c”: Do not overwrite files (possible security issue)
* Remove obsolete examples
* Remove “experimental” label for some features
* Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier
* Modifications to build scripts, required due to changes in the test environment
* Unix domain socket support fixed
* Fixes for NO_SSL_DL
* Fixes for some warnings / static code analysis
-
Submitted by
Axel Braun (DocB)
Fixed bugs
bnc#1199047
The TCP port of the HTTP server is privileged or already in use: (port = 8042)
bnc#1191938
VUL-1: CVE-2020-27304: civetweb: missing uploaded filepath validation in the default form-based file upload mechanism
