Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 668828

Summary: www-servers/lighttpd: some security fixes in release
Product: Gentoo Security Reporter: Alexandr Tiurin <alexanderyt>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.lighttpd.net/2018/10/14/1.4.51/
Whiteboard: C3 [ebuild]
Package list:
Runtime testing required: ---

Description Alexandr Tiurin 2018-10-16 20:12:46 UTC 
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”

Please see $URL



Reproducible: Always
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2018-11-13 00:47:57 UTC 
Not much information other then the notes in here. Setting to B3 potential symlink attack.

Fixed in version 1.4.51
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-11-23 23:21:33 UTC 
1.4.51 is not in the tree...
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-24 10:56:52 UTC 

*** This bug has been marked as a duplicate of bug 671034 ***