[ubuntu/xenial-security] uwsgi 2.0.12-5ubuntu3.2 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Mon Oct 1 13:02:01 UTC 2018
uwsgi (2.0.12-5ubuntu3.2) xenial-security; urgency=medium
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2018-7490.patch: enforce php default document_root
behaviour, to not show external files
- CVE-2018-7490
* SECURITY UPDATE: Stack buffer overflow in uwsgi_expand_path()
- debian/patches/CVE-2018-6758.patch: improve uwsgi_expand_path() to
sanitize input, avoiding stack corruption and potential security issue
- CVE-2018-6758
Date: 2018-09-28 15:31:12.640116+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
https://launchpad.net/ubuntu/+source/uwsgi/2.0.12-5ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list