Overview
Request 988945 accepted
- Fix request smuggling in HTTP::Daemon
(CVE-2022-31081, bsc#1201157)
* CVE-2022-31081.patch
* CVE-2022-31081-2.patch
- Created by ohollmann
- In state accepted
- Package maintainers: pgajdos and pmonrealgonzalez
Loading...
Could you please adapt cpanspec.yml with the changes, so they aren't lost with next auto-update?
CVE-2022-31081.patch: -p1 PATCH-FIX-SECURITY bsc#1201157 otto.hollmann@suse.com Fix request smuggling in HTTP::Daemon
and similar for the second one should produce correct results.
Use cpanspec from Factory or this repo and not outdated Leap-version.
These security patches are already accepted by upstream and will appear in next release. So it should be OK to lose them from spec file.
Or am I mistaken and should I update cpanspec anyway?
Anyway, I'm going to submit new changes because I forgot to include tests for this CVE, so let me know if I should also update cpanspec.
@pmonrealgonzalez: review reminder