* Steve Kemp <[EMAIL PROTECTED]> [2008-10-06 19:29:51 CEST]: > CVE-2008-4298 > A memory leak in the http_request_parse function could be used by > remote attackers to cause lighttpd to consume memory, and cause a > denial of service attack. > > CVE-2008-4359 > Inconsistent handling of URL patterns could lead to the disclosure > of resources a server administrator did not anticipate when using > rewritten URLs. > > CVE-2008-4360 > Upon file systems which don't handle case-insensitive paths differently > it might be possible that unanticipated resources could be made available > by mod_userdir. > > For the stable distribution (etch), these problems have been fixed in version > 1.4.13-4etch11. > > For the unstable distribution (sid), these problems will be fixed shortly.
From reading the changelog these issues have all three been addressed in the 1.4.19-5 upload which was done a week ago already. Was this missed, or are the patches therein considered incomplete? Thanks, Rhonda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]