From ${URL} :

I've found an issue on the way as Monkey HTTPD handle the Range HTTP header when receiving Range:bytes=N-N where N is the exact file size, which causes the thread to go into an infinite loop, hence keeping the server busy on each request until a server shutdown.

More details on bug report at http://bugs.monkey-project.com/ticket/184

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
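The boundary the report above turns on, as an added example that is not part of this thread and not Monkey's code: a single-range `Range` resolver that treats a first-byte offset equal to (or past) the file size as unsatisfiable, so the send loop never receives a range with nothing to send. The function and enum names are hypothetical, and multi-range requests are simply ignored (served as a full 200 response).

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for this example; values mirror the HTTP status to send. */
enum range_status { RANGE_IGNORE = 200, RANGE_OK = 206, RANGE_UNSATISFIABLE = 416 };

/* Parse a run of decimal digits at *p; returns 0 on success and advances *p. */
static int parse_u64(const char **p, uint64_t *out)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;   /* no sign, no whitespace */
    errno = 0;
    unsigned long long v = strtoull(*p, &end, 10);
    if (errno == ERANGE) return -1;          /* value does not fit */
    *out = v;
    *p = end;
    return 0;
}

/* Resolve a "bytes=..." header value against a file of `size` bytes.
 * On RANGE_OK, [*first, *last] is inclusive and lies inside the file. */
int resolve_range(const char *value, uint64_t size, uint64_t *first, uint64_t *last)
{
    const char *p = value;
    uint64_t a, b;
    if (strncmp(p, "bytes=", 6) != 0) return RANGE_IGNORE;
    p += 6;
    if (*p == '-') {                         /* suffix form: bytes=-N */
        p++;
        if (parse_u64(&p, &b) || *p != '\0') return RANGE_IGNORE;
        if (b == 0 || size == 0) return RANGE_UNSATISFIABLE;
        *first = b >= size ? 0 : size - b;
        *last = size - 1;
        return RANGE_OK;
    }
    if (parse_u64(&p, &a) || *p++ != '-') return RANGE_IGNORE;
    if (*p == '\0') b = UINT64_MAX;          /* open-ended form: bytes=N- */
    else if (parse_u64(&p, &b) || *p != '\0' || b < a) return RANGE_IGNORE;
    /* The reported case: valid offsets are 0..size-1, so a first byte at
     * offset == size leaves nothing to serve and must not reach the sender. */
    if (a >= size) return RANGE_UNSATISFIABLE;
    *first = a;
    *last = b >= size ? size - 1 : b;        /* clamp to the last real byte */
    return RANGE_OK;
}
```
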
(In reply to Agostino Sarubbo from comment #0)
> From ${URL} :
>
> I've found an issue on the way as Monkey HTTPD handle the Range HTTP header
> when receiving Range:bytes=N-N where N is the exact file size, which causes
> the thread to go into an infinite loop, hence keeping the server busy on each
> request until a server shutdown.
>
> More details on bug report at http://bugs.monkey-project.com/ticket/184
>
> @maintainer(s): after the bump, in case we need to stabilize the package,
> please say explicitly if it is ready for the stabilization or not.

Thanks ago for following all these security notices for me (and the rest of us). Right now, the issues against monkeyd are coming fast. I had 1.2.0 in the tree, then I backported a fix for the DoS header issue, bug #472400, then 1.2.1 came out and now this. It's best to hold until things settle down.
This is fixed in 1.2.2 which I just added to the tree, but there are still more security bugs against monkeyd.
Note that monkeyd needs a GLSA anyway, bug 472400 is a B2.
Added to existing request.
This issue was resolved and addressed in GLSA 201309-17 at http://security.gentoo.org/glsa/glsa-201309-17.xml by GLSA coordinator Chris Reffett (creffett).