pkgsrc-Changes archive


CVS commit: pkgsrc/net/syncthing



Module Name:    pkgsrc
Committed By:   abs
Date:           Tue May 10 11:06:35 UTC 2016

Modified Files:
        pkgsrc/net/syncthing: Makefile distinfo

Log Message:
Updated net/syncthing to 0.12.23

This is a security release to fix three vulnerabilities all related
to the possibility of the automatic upgrade response being intercepted
by a man-in-the-middle. In one case, a downgrade could be enforced
by the attacker; in another, a denial of service could be created
by serving a malformed package archive; in the third, an XSS attack
could be performed against the local web UI. These were all reported
by Sebastian Py.

- lib/upgrade: Enforce limits on download archives (fixes #3045) (calmh)
- lib/upgrade: Auto upgrade signature should cover version & arch (fixes #3044) (calmh)
- gui: Backport angular and angular-translate updates from master (calmh)


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/syncthing/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/syncthing/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
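
The "signature should cover version & arch" item in the log above, as an added example (not code from Syncthing or pkgsrc): a signature over the archive bytes alone still verifies when a genuinely signed older archive is served in place of the new one, while a signature over version, architecture and archive digest does not. Ed25519, the message layout, the version 0.12.22, the architecture string and the archive bytes are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// signedMessage builds the bytes to sign: version, arch and archive digest,
// each length-prefixed so bytes cannot shift between adjacent fields.
func signedMessage(version, arch string, archive []byte) []byte {
	digest := sha256.Sum256(archive)
	var msg []byte
	for _, f := range [][]byte{[]byte(version), []byte(arch), digest[:]} {
		msg = append(msg, byte(len(f)>>8), byte(len(f)))
		msg = append(msg, f...)
	}
	return msg
}

// verifyArchiveOnly is the weak check: nothing ties the archive to a release.
func verifyArchiveOnly(pub ed25519.PublicKey, archive, sig []byte) bool {
	return ed25519.Verify(pub, archive, sig)
}

// verifyBound verifies against the version and arch the client expects.
func verifyBound(pub ed25519.PublicKey, version, arch string, archive, sig []byte) bool {
	return ed25519.Verify(pub, signedMessage(version, arch, archive), sig)
}

// replayDemo offers a genuinely signed older archive as the newer release and
// reports what each verifier decides. All values here are constructed.
func replayDemo() (weakAccepts, boundAccepts, boundAcceptsGenuine bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	oldArchive := []byte("constructed archive bytes for 0.12.22")
	newArchive := []byte("constructed archive bytes for 0.12.23")
	oldSigWeak := ed25519.Sign(priv, oldArchive)
	oldSigBound := ed25519.Sign(priv, signedMessage("0.12.22", "linux-amd64", oldArchive))
	newSigBound := ed25519.Sign(priv, signedMessage("0.12.23", "linux-amd64", newArchive))
	weakAccepts = verifyArchiveOnly(pub, oldArchive, oldSigWeak)
	boundAccepts = verifyBound(pub, "0.12.23", "linux-amd64", oldArchive, oldSigBound)
	boundAcceptsGenuine = verifyBound(pub, "0.12.23", "linux-amd64", newArchive, newSigBound)
	return
}

func main() { fmt.Println(replayDemo()) }
```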



