Gentoo Bug 213164 - www-servers/lighttpd <1.4.19 server.force-lowercase-filenames doesn't work inside userdir's

First Last Prev Next No search results available Search page Enter new bug

Bug#:	213164
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Raúl Porcel <armin76@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 213164 depends on:	214892		Show dependency tree
Bug 213164 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-03-12 15:58 0000

hoffie reported it

------- Comment #1 From Christian Hoffmann 2008-03-12 21:10:55 0000 -------

... because Lfe from #lighttpd pinged me ;)

I don't think this has high priority for us, as using case-insensitive file
systems for web-accessible content is not really that common on Linux, I'd say.

Thanks armin76 ;)

------- Comment #2 From Lars Hartmann 2008-03-13 14:04:23 0000 -------

can someone please add CVE-2008-1270?

------- Comment #3 From Raúl Porcel 2008-03-13 14:48:33 0000 -------

Done

------- Comment #4 From Robert Buchholz 2008-03-13 15:00:26 0000 -------

Removed the CVE again, it's the other bug.

------- Comment #5 From Robert Buchholz 2008-03-21 02:21:09 0000 -------

please bump here

------- Comment #6 From Thilo Bangert 2008-03-25 21:37:18 0000 -------

1.4.19 is in the tree which applies the linked patch...

------- Comment #7 From Robert Buchholz 2008-03-26 01:34:08 0000 -------

Arches, please test and mark stable:
=www-servers/lighttpd-1.4.19
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"

------- Comment #8 From Markus Rothe 2008-03-26 10:03:01 0000 -------

ppc64 stable

------- Comment #9 From Raúl Porcel 2008-03-26 10:51:57 0000 -------

alpha/ia64/sparc stable

------- Comment #10 From Thilo Bangert 2008-03-26 18:20:38 0000 -------

1.4.19-r1 will hit the tree in a sec. see also bug #214892

------- Comment #11 From Robert Buchholz 2008-04-03 22:42:17 0000 -------

Closing [noglsa] since bug a version fixing this vulnerability is now stable
and this bug is not subject to GLSA processing because of the C4 status.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 213164

www-servers/lighttpd <1.4.19 server.force-lowercase-filenames doesn't work inside userdir's

Last modified: 2008-04-03 22:42:17 0000