On 2018/11/09 08:52, Landry Breuil wrote: > Hi, > > here's an untested diff for 1.14.1, for: > > *) Security: when using HTTP/2 a client might cause excessive memory > consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). > > *) Security: processing of a specially crafted mp4 file with the > ngx_http_mp4_module might result in worker process memory > disclosure > (CVE-2018-16845). > > *) Bugfix: working with gRPC backends might result in excessive memory > consumption.
OK with me. > still have to build it locally but it seems ruby passenger pkgs are not > available on the mirrors right now. That's fixed in -current (incompatible change in the curl update).
