[pkg-lighttpd] httpoxy Security Vulnerability in Lighttpd
Yves-Alexis Perez
corsac at debian.org
Tue Jul 26 19:52:52 UTC 2016
On mer., 2016-07-20 at 12:09 +0200, Timo Sigurdsson wrote:
>
> as the HTTPOXY vulnerability is gaining media attention [1] and the upstream
> maintainers of Lighttpd already having applied a patch for the issue in
> their source repository [2], I was wondering if the patch will be backported
> to the Lighttpd packages available in Debian. Since I'm not a developer, I
> cannot assess to which extent this is possible or even neccessary for the
> versions shipped in Debian, but I thought I might ask and point you to it,
> in case you haven't noticed yet. Thank you!
Hi,
since the bug is public, please open a bug on the Debian BTS (if there's not
one already) providing the details you have, so someone can work on an update
for the current supported releases.
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20160726/32a923e8/attachment.sig>
More information about the pkg-lighttpd-maintainers
mailing list