CVE-2010-2195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2195): bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC."
CVE-2010-2320 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2320): bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.
Unaffected version of bozohttpd has just been added to the tree. As soon as it gets stabilized we can hard mask the only affected version remaining.
(In reply to comment #2) > Unaffected version of bozohttpd has just been added to the tree. As soon as it > gets stabilized we can hard mask the only affected version remaining. > Unless you have a very good reason why it should stay, it should be removed.
Arches, please test and mark stable: =www-servers/bozohttpd-20100621 Target keywords : "x86"
(In reply to comment #3) > Unless you have a very good reason why it should stay, it should be removed. Uh, well, yes, of course it should be removed ;-)
x86 stable
Wiped out affected version.
(In reply to comment #7) > Wiped out affected version. > Please don't close bugs assigned to security@. GLSA vote: NO
(In reply to comment #8) > Please don't close bugs assigned to security@. I have got a lot to learn, it seems :-)
Vote: NO, closing noglsa, feel free to reopen if you thing otherwise.