[Secure-testing-team] Bug#832571: lighttpd: CVE-2016-100021: HTTP Server sets environmental variable HTTP_PROXY based on user supplied Proxy request header (httpoxy)
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 27 04:57:03 UTC 2016
Source: lighttpd
Version: 1.4.31-4
Severity: important
Tags: security upstream
Hi,
lighttpd added a mitigation for the httpoxy issue, like done for the
Apache webserver.
CVE-2016-1000212[0]:
Mitigation for HTTPoxy vulnerability
If you fix the issue please also make sure to include the CVE (Common
Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1000212
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list