CVSROOT: /cvs Module name: ports Changes by: [email protected] 2019/02/12 15:01:43
Modified files:
www/hiawatha : Tag: OPENBSD_6_4 Makefile distinfo
Log message:
SECURITY:
Update to hiawatha 10.8.4.
"When AllowDotFiles is enabled, a directory traversal is possible,
exposing files which can be read by the webserver to the outside
world. By default, AllowDotFiles is not enabled."
https://csirt.cedia.org.ec/2019/02/apv-190208001-vulnerability-detected-in-hiawatha-allowdotfiles/
