lighttpd crash on mixed EOL sequences in mod_cgi

Bug #138309 reported by Jamie Strandboge on 2007-09-08
254
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Undecided
Jamie Strandboge

Bug Description

DoS crash from improper EOL handling in mod_cgi.c fixed in upstream 1.4.17. No CVE entry at this time.

Changed in lighttpd:
assignee: nobody → jamie-strandboge
status: New → In Progress
description: updated
Jamie Strandboge (jdstrand) wrote :

lighttpd 1.4.17 and higher is not affected. Patch can be found in upstream SVN revisions 1969 and 1971

Jamie Strandboge (jdstrand) wrote :

Disregard previous comment. SVN 1925 fixes this issue, not 1969 and 1971.

Changed in lighttpd:
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

Fix released on Dapper, Edgy and Feisty

Changed in lighttpd:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers