This release includes a version of neon which fixes security issue CVE-2007-0157, thanks to Laszlo Boszormenyi: an array index error in the URI parser in neon versions 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
Download: http://www.webdav.org/cadaver/cadaver-0.22.5.tar.gz Signature: http://www.webdav.org/cadaver/cadaver-0.22.5.tar.gz.asc MD5: e9fade983dd7b18d33230967051fcfe0 cadaver-0.22.5.tar.gz SHA1: 598dd195597f89d15b3824d018cae3aaeafad44b cadaver-0.22.5.tar.gz Changes in release 0.22.5: * Update to neon 0.26.3: - fix security issue in URI parser, CVE-2007-0157 * Document netrc support in man page (Sebastian Harl) _______________________________________________ cadaver mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/cadaver
