Diffusion FreeBSD ports repository 1de880e0f627

www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)
1de880e0f627
Actions

Description

www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)

ChangeLog: https://github.com/emikulic/darkhttpd/releases/tag/v1.14

Add support for logging with syslog.
Fix hung connection from consecutive keep-alive requests.
Fix high CPU usage when timeout is disabled.
Add --forward-https.
Make header parsing case insensitive, to work behind an HTTP2 reverse proxy.
Add trailing slash to links for directories.
Fix crash when a file has a large (year 10,000+) mtime.

A flaw was found in darkhttpd. Invalid error handling allows remote attackers
to cause denial-of-service by accessing a file with a large modification date.
The highest threat from this vulnerability is to system availability.

PR: 267507
Reported by: henrichhartzer@tuta.io
MFH: 2022Q4 (security update)
Security: CVE-2020-25691

Details

Provenance

henrichhartzer_tuta.io	Authored on Nov 7 2022, 7:17 PM
fernape	Committed on Nov 8 2022, 4:31 PM

Parents

R11:bbe3b93c5dcb: security/vuxml: register darkhttpd DoS vulnerability

Branches

Unknown

Tags

Unknown

Event Timeline

fernape committed R11:1de880e0f627: www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691) (authored by henrichhartzer_tuta.io).Nov 8 2022, 4:31 PM

fernape mentioned this in R11:2f5b21e40a83: www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691).Nov 8 2022, 4:38 PM

Changes (2)

Path

Size

www/

darkhttpd/

Makefile

distinfo

R11:1de880e0f627

View Options

www/darkhttpd/Makefile