Source: lighttpd Version: 1.4.29-1, 1.4.28-2, 1.4.19-5+lenny2 Severity: grave Tags: security upstream fixed-upstream
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear Maintainer, Security bug has been discovered in lighttpd: DoS because of incorrect code in src/http_auth.c:67 This is CVE-2011-4362. Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4362 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4362 Upstream bug: http://redmine.lighttpd.net/issues/2370 Upstream has providing patch: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt Would you please fixed packages for lenny and squeeze? - -- System Information: Debian Release: wheezy/sid APT prefers experimental APT policy: (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJO8F8AAAoJELmHbrCQs2xbxrwQAJ3Po5x92JYCCEtizufW3vDr VCYJn86vuWXrn1h501SRljbALepDijJHjMXNHPZsavs4h6IDMoLaFYBWrfS97yLy x1QetOxraG5Oso++LGItGi477W4W7KQf8UlO6TvRDBk+ccupS9MQrQYOZRYUcLvs owgGOoM9N/z0TxxQmL8vHZtgOUeX8inFS2absB2lfZNRX8W56sLgVDRqhODMB2a7 +HqFvQgTDELi6ccYc51bZRNMO/2vHDE4ISowXeiDavrMbpLEqUwgxnItz9Cd4epj WW9x43+SwEEwal8NObEAyv1qyhTfNaJWuR23wbn/Fd8pXPJ/3NTmyR+JamfRDzn8 jOy6b3LUVxQEjqY3QvDHOGLgFJFn8NXSm0Xd1Wb8th9UgnTJxSka5rysOs2+OV4c LcXGXwbNV23H7x+n3aCYsuIyczhhqPO6zjFbi0saEWjSEkxD3Mf2My2Q3LKFH+fH sVzolQSwLfMrqgxMO/tVKpV4gqQLIl/R5x7Qe3SPKoflEBovmjTVD3bqqGeP4+6b EUz+pxphC4ruWPbOQkcFPBT7TpAwBHxHQjMebSSeOtpoLgtRhBq1TlKKGmvSSUmL LYo7e5zFEIEmUETkRu3WlkSp8sMybza6SHlQNLkZKdh7xfTu1MpvWURe67P7zLGj YV58hUsZzLxO4N5Q6oY5 =g3I9 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org