home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/darkhttpd
History
Peter Korsgaard 1ed1ff4c43 package/darkhttpd: security bump to version 1.15 
Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

a8ae2b1de0

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0c7fd35947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2024-02-28 17:42:57 +01:00
..
Config.in
S50darkhttpd
darkhttpd.hash package/darkhttpd: security bump to version 1.15 2024-02-28 17:42:57 +01:00
darkhttpd.mk package/darkhttpd: security bump to version 1.15 2024-02-28 17:42:57 +01:00
darkhttpd.service