Source: ulfius Version: 2.7.1-1 Severity: important Tags: patch
-- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Description: Fix CVE-2021-40540 Author: Nicolas Mora <babelou...@debian.org> Forwarded: not-needed --- a/src/ulfius.c +++ b/src/ulfius.c @@ -207,6 +207,7 @@ UNUSED(cls); if (con_info != NULL) { + memset(con_info, 0, sizeof(struct connection_info_struct)); con_info->callback_first_iteration = 1; con_info->u_instance = NULL; u_map_init(&con_info->map_url_initial);