Overview

File _patchinfo of Package patchinfo.17481

<patchinfo incident="17481">
  <category>security</category>
  <rating>moderate</rating>
<issue tracker="bnc" id="1199047">The TCP port of the HTTP server is privileged or already in use: (port = 8042)</issue>
<issue tracker="bnc" id="1191938">VUL-1: CVE-2020-27304: civetweb: missing uploaded filepath validation in the default form-based file upload mechanism</issue>
<issue tracker="cve" id="2020-27304"></issue>
  <packager>DocB</packager>
  <summary>Security update for civetweb</summary>
  <description>
civetweb was updated to:

- do not load libcrypto/libssl dynamically, just link against them (bsc#1199047)

Version 1.15

* New configuration for URL decoding
* CVE-2020-27304: Sanitize filenames in handle form (bsc#1191938)
* Example “embedded_c.c”: Do not overwrite files (possible security issue)
* Remove obsolete examples
* Remove “experimental” label for some features
* Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier
* Modifications to build scripts, required due to changes in the test environment
* Unix domain socket support fixed
* Fixes for NO_SSL_DL
* Fixes for some warnings / static code analysis
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places