Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 714084 (CVE-2018-21245)

Summary: www-servers/pound: HTTP request smuggling (CVE-2018-21245)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: patrick
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on: 674064    
Bug Blocks:    

Description Sam James archtester gentoo-dev Security 2020-03-23 16:05:17 UTC
Fixed in Pound 2.8:
> ...
>- fixed potential request smuggling via fudged headers
Comment 1 Sam James archtester gentoo-dev Security 2020-03-24 00:03:51 UTC
Cannot bump to new 2.8 due to bug 674064. 2.8 has not fixed this.