git.openwrt.org Git - feed/routing.git/commit

author	Rob White <rob@blue-wave.net>
	Sat, 29 Jul 2023 18:26:10 +0000 (19:26 +0100)
committer	Moritz Warning <moritzwarning@web.de>
	Fri, 4 Aug 2023 16:41:18 +0000 (18:41 +0200)
commit	5b34377c66bfea7ea089bfe955fc854298536bc7
tree	94524b409ad7acb625bdc6f7bf37c83a798fb0ab	tree \| snapshot
parent	6fbf3b0caed80e6a9a329aabf87a3b8518dfc58a	commit \| diff

opennds: Release v10.1.2

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.2)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes
  * Fix - Generate unique sha256 faskey if not set in config - CVE-2023-38324 [bluewavenet]
  * Fix - NULL pointer dereference if user_agent is NULL - CVE-2023-38320, CVE-2023-38322 [bluewavenet]
  * Fix - NULL pointer dereference if authdir is called with an incomplete or missing query string - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315 [bluewavenet]
  * Fix - remove deprecated and non-functioning unescape callback - CVE-2023-38316 [bluewavenet]
  * Fix - prevent potential recursive dependency and detect if conflicting package is installed [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>
(cherry picked from commit 3eb9aa30566eb34608e6aacc55157dad46550a6a)