-
Kyle Ambroff authored
svn merge -r98039:98711 svn+ssh://svn.lindenlab.com/svn/linden/branches/Branch_1-24-Server --> release Merging various security fixes from Branch_1-24-Server. Related to RequestXfer exploit: * DEV-21706 (SEC-188): llParticleSystem can be used to obtain asset id. * DEV-21767: Migrate RequestXfer to TCP-only * DEV-21765: Fix RequestXfer traversal exploit * DEV-21775: LLXferManager::processFileRequest() still has file vulnerabilities Various fixes: * fix for VFS memory corruption in llvfs. * Bump server version to 1.24.9. Landstore fixes: * Passing locale to fulfill-order-item from region reservation fulfillment.
Kyle Ambroff authoredsvn merge -r98039:98711 svn+ssh://svn.lindenlab.com/svn/linden/branches/Branch_1-24-Server --> release Merging various security fixes from Branch_1-24-Server. Related to RequestXfer exploit: * DEV-21706 (SEC-188): llParticleSystem can be used to obtain asset id. * DEV-21767: Migrate RequestXfer to TCP-only * DEV-21765: Fix RequestXfer traversal exploit * DEV-21775: LLXferManager::processFileRequest() still has file vulnerabilities Various fixes: * fix for VFS memory corruption in llvfs. * Bump server version to 1.24.9. Landstore fixes: * Passing locale to fulfill-order-item from region reservation fulfillment.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
llvfs.cpp 55.56 KiB