lighttpd CVE-2022-22707
Bug #1994989 reported by Malte S. Stretz
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| lighttpd (Ubuntu) | Fix Released | Undecided | Paulo Flabiano Smorigo | |
| Focal | Fix Released | Undecided | Paulo Flabiano Smorigo | |
| Jammy | Fix Released | Undecided | Paulo Flabiano Smorigo | |
| Kinetic | Fix Released | Undecided | Paulo Flabiano Smorigo | |
Bug Description
While debugging some odd and probably extforward-related logging issue on one of my machines I stumbled upon CVE-2022-22707 which affects the lighttpd version in jammy (and focal; bionic is fine). It is untriaged according to https:/
Since the version in kinetic is fixed it should probably just be backported to jammy.
There is also a simple patch attached to https:/
CVE References
Changed in lighttpd (Ubuntu):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)
Changed in lighttpd (Ubuntu Jammy):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)
Changed in lighttpd (Ubuntu):
status: Confirmed → Fix Released
Thanks for taking the time to report this bug and helping to make Ubuntu better.
I've taken the time to triage some lighttpd CVEs and that should soon be reflected in the CVE web page.
I've downgraded the priority for that CVE specifically as it is 32-bit specific and hard to exploit according to upstream.
Since the package referred to in this bug is in universe, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures