lighttpd crash on mixed EOL sequences in mod_cgi
Bug #138309 reported by
Jamie Strandboge
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| lighttpd (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Bug Description
DoS crash from improper EOL handling in mod_cgi.c fixed in upstream 1.4.17. No CVE entry at this time.
| Changed in lighttpd: | |
| assignee: | nobody → jamie-strandboge |
| status: | New → In Progress |
| description: | updated |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in lighttpd: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in lighttpd: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
lighttpd 1.4.17 and higher is not affected. Patch can be found in upstream SVN revisions 1969 and 1971