[Secure-testing-team] Bug#755197: bozohttpd: security hole: basic http authentication bypass
Perry E. Metzger
perry at piermont.com
Fri Jul 18 17:59:14 UTC 2014
Package: bozohttpd
Version: 20111118-1
Severity: grave
Tags: security upstream
Justification: user security hole
Dear Maintainer,
The upstream version of the program has a hole in basic http authentication.
It has been patched in the latest version available from the author.
See: http://www.eterna.com.au/bozohttpd/ for details
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages bozohttpd depends on:
ii libc6 2.13-38+deb7u3
ii libssl1.0.0 1.0.1e-2+deb7u11
ii openbsd-inetd [inet-superserver] 0.20091229-2
bozohttpd recommends no packages.
bozohttpd suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list