[Lunar-commits] <moonbase> neon: version bumped to 0.28.6.
Florin Braescu
florin at lunar-linux.org
Wed Aug 19 14:57:34 CEST 2009
commit cb8f45b2fac4635b0e3e093a033b6842156fd9ca
Author: Florin Braescu <florin at lunar-linux.org>
Date: Wed Aug 19 15:57:34 2009 +0300
neon: version bumped to 0.28.6.
This release fixes two security issues.
The "billion laughs" XML entity expansion attack allowed a denial of
service by a malicious server if neon was linked against expat.
The handling of NUL bytes in an SSL certificate subject name allowed
a possible MITM attack.
---
libs/neon/DETAILS | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/neon/DETAILS b/libs/neon/DETAILS
index 4fdfbea..5d12f99 100644
--- a/libs/neon/DETAILS
+++ b/libs/neon/DETAILS
@@ -1,11 +1,11 @@
MODULE=neon
- VERSION=0.28.4
+ VERSION=0.28.6
SOURCE=$MODULE-$VERSION.tar.gz
SOURCE_URL=http://www.webdav.org/$MODULE
- SOURCE_VFY=sha1:f2685b56cecf754cb51ac69f974ea090ea85c75e
+ SOURCE_VFY=sha1:da7db2e3289cc3dbef7794e8cc3c56978a0d7157
WEB_SITE=http://www.webdav.org/neon
ENTERED=20020526
- UPDATED=20090305
+ UPDATED=20090819
SHORT="WebDAV client library, with a C interface"
cat << EOF
More information about the Lunar-commits
mailing list