Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=9517d1e24fe97fdc13636401dd4b53816c2f6bc6
commit 9517d1e24fe97fdc13636401dd4b53816c2f6bc6 Author: VMiklos <[EMAIL PROTECTED]> Date: Sun Sep 23 13:56:21 2007 +0200 FSA278-lighttpd diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index ecad46d..7853a59 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,18 @@ <fsas> <fsa> + <id>278</id> + <date>2007-09-23</date> + <author>vmiklos</author> + <package>lighttpd</package> + <vulnerable>1.4.16-1terminus1</vulnerable> + <unaffected>1.4.16-1terminus2</unaffected> + <bts>http://bugs.frugalware.org/task/2410</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727</cve> + <desc>Mattias Bengtsson and Philip Olausson have reported a vulnerability in lighttpd, which can be exploited by malicious people to compromise a vulnerable system. + The vulnerability is caused due to an error in the mod_fastcgi extension when handling headers in a HTTP request. This can be exploited to e.g. add or replace PHP headers (e.g. SCRIPT_FILENAME) via a HTTP request containing an overly long header.</desc> + </fsa> + <fsa> <id>277</id> <date>2007-09-23</date> <author>vmiklos</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
