mirror of
https://github.com/openwrt/packages.git
synced 2025-12-26 17:46:16 +04:00
d4addd14c0
From CHANGES_2.4: SECURITY: CVE-2020-11984 (cve.mitre.org) mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. [Yann Ylavic] SECURITY: CVE-2020-11993 (cve.mitre.org) mod_http2: when throttling connection requests, log statements where possibly made that result in concurrent, unsafe use of a memory pool. [Stefan Eissing] SECURITY: mod_http2: a specially crafted value for the 'Cache-Digest' header request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. [Stefan Eissing, Eric Covener, Christophe Jaillet] Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>