[Debian-iot-maintainers] Bug#994763: ulfius: Fix CVE-2021-40540 in bullseye
Nicolas Mora
babelouest at debian.org
Mon Sep 20 16:43:55 BST 2021
Source: ulfius
Version: 2.7.1-1
Severity: important
Tags: patch
-- System Information:
Debian Release: 11.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
Description: Fix CVE-2021-40540
Author: Nicolas Mora <babelouest at debian.org>
Forwarded: not-needed
--- a/src/ulfius.c
+++ b/src/ulfius.c
@@ -207,6 +207,7 @@
UNUSED(cls);
if (con_info != NULL) {
+ memset(con_info, 0, sizeof(struct connection_info_struct));
con_info->callback_first_iteration = 1;
con_info->u_instance = NULL;
u_map_init(&con_info->map_url_initial);
More information about the Debian-iot-maintainers
mailing list