[v2.7] mini_httpd: Protocol String Handling Memory Disclosure (CVE-2015-1548)

Info: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.

Please provide mini_httpd 1.23 or later version.
Also if possible please backport it to 2.7 and higher repositories.

Thank you very much!

(from redmine: issue id 5905, created on 2016-07-14, closed on 2016-07-14)

Relations:
- parent #5900 (closed)
Changesets:
- Revision 46cc566b by Natanael Copa on 2016-07-14T13:40:05Z:

main/mini_httpd: security upgrade to 1.23 (CVE-2015-1548)

fixes #5905

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information