[pkg-lighttpd] httpoxy Security Vulnerability in Lighttpd
Timo Sigurdsson
public_timo.s at silentcreek.de
Wed Jul 20 10:09:38 UTC 2016
Dear maintainers,
as the HTTPOXY vulnerability is gaining media attention [1] and the upstream maintainers of Lighttpd already having applied a patch for the issue in their source repository [2], I was wondering if the patch will be backported to the Lighttpd packages available in Debian. Since I'm not a developer, I cannot assess to which extent this is possible or even neccessary for the versions shipped in Debian, but I thought I might ask and point you to it, in case you haven't noticed yet. Thank you!
Kind regards,
Timo Sigurdsson
[1] https://httpoxy.org/
[2] https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
More information about the pkg-lighttpd-maintainers
mailing list