Still Failing: openssl/openssl#29680 (OpenSSL_1_1_1-stable - 325c9ac)

Travis CI builds at travis-ci.org
Mon Oct 28 14:41:26 UTC 2019


Build Update for openssl/openssl
-------------------------------------

Build: #29680
Status: Still Failing

Duration: 28 mins and 49 secs
Commit: 325c9ac (OpenSSL_1_1_1-stable)
Author: Matt Caswell
Message: Fix an s_server arbitrary file read issue on Windows

Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.

GET /..\myfile.txt HTTP/1.0

There exists a check for this for Unix paths but it is not sufficient
for Windows.

Since s_server is a test tool no CVE is assigned.

Thanks to Jobert Abma for reporting this.

Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)

(cherry picked from commit 0a4d6c67480a4d2fce514e08d3efe571f2ee99c9)

View the changeset: https://github.com/openssl/openssl/compare/3a9080d6f486...325c9ac198c8

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/603905531?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20191028/31ce8c47/attachment.html>


More information about the openssl-commits mailing list