OpenBSD ports changes summary for 2016-07-19 ============================================
net/isc-bind net/libupnp == net =============================================================== 01/01 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net isc-bind ~ Makefile ~ distinfo > Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non > absolute name could trigger an infinite recursion bug in lwres[..]"; > affects > users of lwresd and users with "lwres" enabled in their configuration). > Also has a couple of regression fixes. OK naddy@ (sthen@) libupnp ~ Makefile + patches/patch-upnp_src_genlib_net_http_webserver_c > patch libupnp to not allowing unhandled POSTs to write to the filesystem. > http://www.openwall.com/lists/oss-security/2016/07/18/13 > ok naddy@ sthen@ (semarie@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
