Just checking in. The CVE has been published here:
https://nvd.nist.gov/vuln/detail/CVE-2019-16200.
Did the patch file work? Will you push the patch for the bug?
Thanks,
Austin
________________________________________
From: bug-serveez <bug-serveez-bounces+agadient=address@hidden> on behalf of Austin
James Gadient <address@hidden>
Sent: Saturday, November 16, 2019 9:00 AM
To: Raimund 'Raimi' Jacob-Blödorn; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability
Hi Raimund,
Did that patch file work for you?
Thanks,
Austin
________________________________________
From: Austin James Gadient
Sent: Saturday, November 9, 2019 8:07 PM
To: Raimund 'Raimi' Jacob-Blödorn; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability
Hi Raimund,
Ah sorry about that and no problem!
I have attached a patch file that you should be able to apply from the
serveez-0.2.2 directory.
Let me know if you have any issues and thank you for your time!
Best Regards,
Austin
________________________________________
From: Raimund 'Raimi' Jacob-Blödorn <address@hidden>
Sent: Saturday, November 9, 2019 10:58 AM
To: Austin James Gadient; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability
On 11/7/19 5:57 PM, Austin James Gadient wrote:
Hello Austin!
Just following up. Have you had a chance to look at this?
Well, I cannot do much with your Mac OS compilation attempts.
I tried to diff your sources against the "next" branch of the serveez
git repository but could not identify any change of yours.
If I understand you correctly, it should be sufficient to make
http->contentlength an unsigned int (and/or have an arbitrary cap somwhere).
I am really sorry to have so little time to investigate. But if you send
mit a simple diff I'll do my best to apply it.
Greetings,
Raimund
_______________________________________________
bug-serveez mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/bug-serveez
_______________________________________________
bug-serveez mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/bug-serveez