Summary: | overflow in www-servers/mini_httpd | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | ta2002 <throw_away_2002> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | www-servers+disabled |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
ta2002
2010-01-23 13:03:49 UTC
Will treeclean this then (In reply to comment #1) > Will treeclean this then I agree, that code base is ancient. On a related note, I just asked upstream about thttpd which they also developed. Although more popular, that code base is also old and we have eleven patches in the tree to address issues back to 2006. If upstream is not willing to start incorporating some of the more fundamental fixes, then I think thttpd may be slated for the same fate. (In reply to comment #2) > (In reply to comment #1) > > Will treeclean this then > > I agree, that code base is ancient. > > On a related note, I just asked upstream about thttpd which they also > developed. Although more popular, that code base is also old and we have > eleven patches in the tree to address issues back to 2006. If upstream is > not willing to start incorporating some of the more fundamental fixes, then > I think thttpd may be slated for the same fate. Opened bug 409553 for that issue then ;) dropped I am going to rate this as info leak. GLSA Vote: no. Sorry, I guess I missed this the other day when I did the GLSA for bug 303755. GLSA vote: no. Closing noglsa. |