Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 213164 - www-servers/lighttpd <1.4.19 server.force-lowercase-filenames doesn't work inside userdir's
Summary: www-servers/lighttpd <1.4.19 server.force-lowercase-filenames doesn't work in...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: C4 [noglsa]
Depends on: 214892
  Show dependency tree
Reported: 2008-03-12 15:58 UTC by Raúl Porcel (RETIRED)
Modified: 2008-04-03 22:42 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Raúl Porcel (RETIRED) gentoo-dev 2008-03-12 15:58:29 UTC
hoffie reported it
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-03-12 21:10:55 UTC
... because Lfe from #lighttpd pinged me ;)

I don't think this has high priority for us, as using case-insensitive file systems for web-accessible content is not really that common on Linux, I'd say.

Thanks armin76 ;)
Comment 2 Lars Hartmann 2008-03-13 14:04:23 UTC
can someone please add CVE-2008-1270?
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-03-13 14:48:33 UTC
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-03-13 15:00:26 UTC
Removed the CVE again, it's the other bug.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-03-21 02:21:09 UTC
please bump here
Comment 6 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2008-03-25 21:37:18 UTC
1.4.19 is in the tree which applies the linked patch...
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-03-26 01:34:08 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2008-03-26 10:03:01 UTC
ppc64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2008-03-26 10:51:57 UTC
alpha/ia64/sparc stable
Comment 10 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2008-03-26 18:20:38 UTC
1.4.19-r1 will hit the tree in a sec. see also bug #214892
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2008-04-03 22:42:17 UTC
Closing [noglsa] since bug a version fixing this vulnerability is now stable and this bug is not subject to GLSA processing because of the C4 status.