Bug 11516 - CVE-2007-1869 + CVE-2007-1870 in lighttpd
Summary: CVE-2007-1869 + CVE-2007-1870 in lighttpd
Status: CLOSED NOTABUG
Alias: None
Product: Sisyphus
Classification: Development
Component: lighttpd (show other bugs)
Version: unstable
Hardware: all Linux
: P2 normal
Assignee: Alexei Takaseev
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-16 16:09 MSD by Igor Zubkov
Modified: 2007-04-16 16:30 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Vladimir V. Kamarzin 2007-04-16 16:20:58 MSD 
Already fixed in:

* Thu Feb 08 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1607
- Updated to 1.4.x branch svn revision 1607
- Securuty fix:
  + Fix remote DOS in CRLF parsing
  + Fix a crash for files with an mtime of 0 reported by cubiq on irc
- Integrate lighttpd-1.4.3-config.patch

Чорт. Заметил опечатку :)
Comment 2 Igor Zubkov 2007-04-16 16:30:58 MSD 
(In reply to comment #1)
> Already fixed in:
> 
> * Thu Feb 08 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1607
> - Updated to 1.4.x branch svn revision 1607
> - Securuty fix:
>   + Fix remote DOS in CRLF parsing
>   + Fix a crash for files with an mtime of 0 reported by cubiq on irc
> - Integrate lighttpd-1.4.3-config.patch
> 
> Чорт. Заметил опечатку :)

Ага. Понял. Я только на версию посмотрел. :(