Comment 1 Christian Hoffmann (RETIRED) 2008-03-12 21:10:55 UTC

... because Lfe from #lighttpd pinged me ;)

I don't think this has high priority for us, as using case-insensitive file systems for web-accessible content is not really that common on Linux, I'd say.

Thanks armin76 ;)

can someone please add CVE-2008-1270?

Comment 3 Raúl Porcel (RETIRED) 2008-03-13 14:48:33 UTC

Done

Comment 4 Robert Buchholz (RETIRED) 2008-03-13 15:00:26 UTC

Removed the CVE again, it's the other bug.

Comment 5 Robert Buchholz (RETIRED) 2008-03-21 02:21:09 UTC

please bump here

Comment 6 Thilo Bangert (RETIRED) (RETIRED) 2008-03-25 21:37:18 UTC

1.4.19 is in the tree which applies the linked patch...

Comment 7 Robert Buchholz (RETIRED) 2008-03-26 01:34:08 UTC

Arches, please test and mark stable:
=www-servers/lighttpd-1.4.19
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"

Comment 8 Markus Rothe (RETIRED) 2008-03-26 10:03:01 UTC

ppc64 stable

Comment 9 Raúl Porcel (RETIRED) 2008-03-26 10:51:57 UTC

alpha/ia64/sparc stable

Comment 10 Thilo Bangert (RETIRED) (RETIRED) 2008-03-26 18:20:38 UTC

1.4.19-r1 will hit the tree in a sec. see also bug #214892

Comment 11 Robert Buchholz (RETIRED) 2008-04-03 22:42:17 UTC

Closing [noglsa] since bug a version fixing this vulnerability is now stable and this bug is not subject to GLSA processing because of the C4 status.