[Lunar-commits] <moonbase> neon: version bumped to 0.28.6.

Florin Braescu florin at lunar-linux.org
Wed Aug 19 14:57:34 CEST 2009


commit cb8f45b2fac4635b0e3e093a033b6842156fd9ca
Author: Florin Braescu <florin at lunar-linux.org>
Date:   Wed Aug 19 15:57:34 2009 +0300

    neon: version bumped to 0.28.6.
    
    This release fixes two security issues.
    The "billion laughs" XML entity expansion attack allowed a denial of
    service by a malicious server if neon was linked against expat.
    The handling of NUL bytes in an SSL certificate subject name allowed
    a possible MITM attack.
---
 libs/neon/DETAILS |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/neon/DETAILS b/libs/neon/DETAILS
index 4fdfbea..5d12f99 100644
--- a/libs/neon/DETAILS
+++ b/libs/neon/DETAILS
@@ -1,11 +1,11 @@
           MODULE=neon
-         VERSION=0.28.4
+         VERSION=0.28.6
           SOURCE=$MODULE-$VERSION.tar.gz
       SOURCE_URL=http://www.webdav.org/$MODULE
-      SOURCE_VFY=sha1:f2685b56cecf754cb51ac69f974ea090ea85c75e
+      SOURCE_VFY=sha1:da7db2e3289cc3dbef7794e8cc3c56978a0d7157
         WEB_SITE=http://www.webdav.org/neon
          ENTERED=20020526
-         UPDATED=20090305
+         UPDATED=20090819
            SHORT="WebDAV client library, with a C interface"
 
 cat << EOF


More information about the Lunar-commits mailing list