stable

caddy-1.0.5-1.el7

FEDORA-EPEL-2023-284c34a6cc created by carlwgeorge a year ago for Fedora EPEL 7

This updates takes the package from version 1.0.3 to 1.0.5, the most recent version in the v1 branch. It provides fixes for two CVEs:

  • CVE-2022-3064, resolved by updating the bundled gopkg.in/yaml.v2 to 2.2.4
  • CVE-2022-41717, resolved by building with golang 1.19.10

This update has been submitted for testing by carlwgeorge.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
approved
a year ago
BZ#2163539 CVE-2022-3064 caddy: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-7]
0
0
BZ#2163603 CVE-2022-41717 caddy: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-7]
0
0

Automated Test Results