Still Failing: openssl/openssl#29680 (OpenSSL_1_1_1-stable - 325c9ac)
Travis CI
builds at travis-ci.org
Mon Oct 28 14:41:26 UTC 2019
Build Update for openssl/openssl
-------------------------------------
Build: #29680
Status: Still Failing
Duration: 28 mins and 49 secs
Commit: 325c9ac (OpenSSL_1_1_1-stable)
Author: Matt Caswell
Message: Fix an s_server arbitrary file read issue on Windows
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check for this for Unix paths but it is not sufficient
for Windows.
Since s_server is a test tool no CVE is assigned.
Thanks to Jobert Abma for reporting this.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
(cherry picked from commit 0a4d6c67480a4d2fce514e08d3efe571f2ee99c9)
View the changeset: https://github.com/openssl/openssl/compare/3a9080d6f486...325c9ac198c8
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/603905531?utm_medium=notification&utm_source=email
--
You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20191028/31ce8c47/attachment.html>
More information about the openssl-commits
mailing list