Description: "An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function."
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a837f2817c7045a3155e186f23df725f5518a69 commit 9a837f2817c7045a3155e186f23df725f5518a69 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-16 18:30:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-16 20:05:07 +0000 profiles: last rite thttpd Bug: https://bugs.gentoo.org/769758 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)
(In reply to Larry the Git Cow from comment #7) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=9a837f2817c7045a3155e186f23df725f5518a69 > > commit 9a837f2817c7045a3155e186f23df725f5518a69 > Author: John Helmert III <ajak@gentoo.org> > AuthorDate: 2022-08-16 18:30:06 +0000 > Commit: John Helmert III <ajak@gentoo.org> > CommitDate: 2022-08-16 20:05:07 +0000 > > profiles: last rite thttpd > > Bug: https://bugs.gentoo.org/769758 > Signed-off-by: John Helmert III <ajak@gentoo.org> > > profiles/package.mask | 5 +++++ > 1 file changed, 5 insertions(+) Good bye my old friend ;)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44bfe46214a944653ef401cc30789b44b71e1957 commit 44bfe46214a944653ef401cc30789b44b71e1957 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-09-18 21:13:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-18 21:13:44 +0000 www-servers/thttpd: treeclean Bug: https://bugs.gentoo.org/769758 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 - www-servers/thttpd/Manifest | 1 - .../thttpd/files/thttpd-renamed-htpasswd.patch | 108 --------------------- www-servers/thttpd/files/thttpd.conf.sample | 38 -------- www-servers/thttpd/files/thttpd.confd.1 | 35 ------- www-servers/thttpd/files/thttpd.init.1 | 34 ------- www-servers/thttpd/files/thttpd.logrotate | 12 --- www-servers/thttpd/metadata.xml | 11 --- www-servers/thttpd/thttpd-2.27.1-r2.ebuild | 67 ------------- www-servers/thttpd/thttpd-9999.ebuild | 67 ------------- 10 files changed, 378 deletions(-)