[pkg-lighttpd] Bug#741493: lighttpd: SA_2014_01
Stefan Bühler
stbuehler at lighttpd.net
Sun Mar 16 23:39:08 UTC 2014
Hi!
On Sun, 16 Mar 2014 18:52:07 -0400
Michael Gilbert <mgilbert at debian.org> wrote:
> Hi, here is the patch for the security upload.
>
> Best wishes,
> Mike
a) I'd treat it as one patch. In any case the hostname patch fixes both
CVE ids - assigning it to only the path traversal just isn't right.
(I'm not happy with two ids anyway, but splitting the patch only makes
it worse.)
b) If you can't copy utf8 chars, s/ü/ue/, s/ä/ae/, s/ö/oe/ :)
regards,
Stefan Bühler
More information about the pkg-lighttpd-maintainers
mailing list