Bug 11516

Summary:	CVE-2007-1869 + CVE-2007-1870 in lighttpd
Product:	Sisyphus	Reporter:	Igor Zubkov <icesik>
Component:	lighttpd	Assignee:	Alexei Takaseev <taf>
Status:	CLOSED NOTABUG	QA Contact:	qa-sisyphus
Severity:	normal
Priority:	P2	CC:	taf
Version:	unstable
Hardware:	all
OS:	Linux

Description Igor Zubkov 2007-04-16 16:09:18 MSD

http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt
http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt

Solution:
Update to version 1.4.15

Comment 1 Vladimir V. Kamarzin 2007-04-16 16:20:58 MSD

Already fixed in:

* Thu Feb 08 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1607
- Updated to 1.4.x branch svn revision 1607
- Securuty fix:
  + Fix remote DOS in CRLF parsing
  + Fix a crash for files with an mtime of 0 reported by cubiq on irc
- Integrate lighttpd-1.4.3-config.patch

Чорт. Заметил опечатку :)

Comment 2 Igor Zubkov 2007-04-16 16:30:58 MSD

(In reply to comment #1)
> Already fixed in:
> 
> * Thu Feb 08 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1607
> - Updated to 1.4.x branch svn revision 1607
> - Securuty fix:
>   + Fix remote DOS in CRLF parsing
>   + Fix a crash for files with an mtime of 0 reported by cubiq on irc
> - Integrate lighttpd-1.4.3-config.patch
> 
> Чорт. Заметил опечатку :)

Ага. Понял. Я только на версию посмотрел. :(