| Summary: | www-servers/lighttpd <1.4.19 server.force-lowercase-filenames doesn't work inside userdir's | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Raúl Porcel (RETIRED) <armin76> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | hoffie, www-servers+disabled |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://trac.lighttpd.net/trac/ticket/1589 | ||
| Whiteboard: | C4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 214892 | ||
| Bug Blocks: | |||
|
Description
Raúl Porcel (RETIRED)
2008-03-12 15:58:29 UTC
... because Lfe from #lighttpd pinged me ;) I don't think this has high priority for us, as using case-insensitive file systems for web-accessible content is not really that common on Linux, I'd say. Thanks armin76 ;) can someone please add CVE-2008-1270? Done Removed the CVE again, it's the other bug. please bump here 1.4.19 is in the tree which applies the linked patch... Arches, please test and mark stable: =www-servers/lighttpd-1.4.19 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" ppc64 stable alpha/ia64/sparc stable 1.4.19-r1 will hit the tree in a sec. see also bug #214892 Closing [noglsa] since bug a version fixing this vulnerability is now stable and this bug is not subject to GLSA processing because of the C4 status. |