[pkg-lighttpd] Bug#652726: CVE-2011-4362: DoS because of incorrect code in src/http_auth.c:67

Mahyuddin Susanto udienz at ubuntu.com
Tue Dec 20 10:10:08 UTC 2011


Source: lighttpd
Version: 1.4.29-1, 1.4.28-2, 1.4.19-5+lenny2
Severity: grave
Tags: security upstream fixed-upstream

Dear Maintainer,

A security bug has been discovered in lighttpd:
DoS because of incorrect code in src/http_auth.c:67

This is CVE-2011-4362. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4362
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4362

Upstream bug:
http://redmine.lighttpd.net/issues/2370

Upstream has provided a patch:
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt

Would you please fix the packages for lenny and squeeze?

-- System Information:
Debian Release: wheezy/sid
  APT prefers experimental
  APT policy: (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

