2022-10-27 16:32:26 |
Malte S. Stretz |
bug |
|
|
added bug |
2022-10-27 16:32:26 |
Malte S. Stretz |
attachment added |
|
0001-mod_extforward-fix-out-of-bounds-OOB-write-of-4-byte.patch https://bugs.launchpad.net/bugs/1994989/+attachment/5627289/+files/0001-mod_extforward-fix-out-of-bounds-OOB-write-of-4-byte.patch |
|
2022-10-27 16:32:37 |
Malte S. Stretz |
information type |
Private Security |
Public Security |
|
2022-10-27 16:33:25 |
Malte S. Stretz |
cve linked |
|
2022-22707 |
|
2022-10-27 16:34:04 |
Malte S. Stretz |
description |
While debugging some odd and probably extforward related logging issue on one of my machines I stumbled upon CVE-2022-22707 which affects the lighttpd version in jammy (and focal; bionic is fine).
Since the version in kinetic is fixed it should probably just be backported to jammy.
There is also a simple patch attached to https://redmine.lighttpd.net/issues/3134 which I attached here. |
While debugging some odd and probably extforward related logging issue on one of my machines I stumbled upon CVE-2022-22707 which affects the lighttpd version in jammy (and focal; bionic is fine). It is untriaged
according to https://ubuntu.com/security/CVE-2022-22707
Since the version in kinetic is fixed it should probably just be backported to jammy.
There is also a simple patch attached to https://redmine.lighttpd.net/issues/3134 which I attached here. |
|
2022-11-04 12:19:59 |
Marc Deslauriers |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2022-11-09 12:39:47 |
Eduardo Barretto |
lighttpd (Ubuntu): status |
New |
Confirmed |
|
2023-02-09 13:10:47 |
Marc Deslauriers |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2023-02-14 04:21:14 |
Jack Fewx |
cve linked |
|
2022-41556 |
|
2023-02-14 04:21:14 |
Jack Fewx |
attachment added |
|
Debdiff containing 2 CVE patches https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1994989/+attachment/5646933/+files/lighttpd_1.4.63-1ubuntu4.debdiff |
|
2023-02-14 23:49:15 |
Alex Murray |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2023-02-16 16:49:31 |
Paulo Flabiano Smorigo |
lighttpd (Ubuntu): assignee |
|
Paulo Flabiano Smorigo (pfsmorigo) |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
nominated for series |
|
Ubuntu Kinetic |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
bug task added |
|
lighttpd (Ubuntu Kinetic) |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
nominated for series |
|
Ubuntu Jammy |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
bug task added |
|
lighttpd (Ubuntu Jammy) |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
nominated for series |
|
Ubuntu Focal |
|
2023-02-16 16:50:37 |
Paulo Flabiano Smorigo |
bug task added |
|
lighttpd (Ubuntu Focal) |
|
2023-02-16 16:50:50 |
Paulo Flabiano Smorigo |
lighttpd (Ubuntu Jammy): assignee |
|
Paulo Flabiano Smorigo (pfsmorigo) |
|
2023-02-17 02:55:43 |
Jack Fewx |
attachment added |
|
Focal debdiff https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1994989/+attachment/5647925/+files/lighttpd_1.4.55-1ubuntu1.20.04.2.debdiff |
|
2023-02-17 02:56:16 |
Jack Fewx |
attachment added |
|
Kinetic debdiff https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1994989/+attachment/5647926/+files/lighttpd_1.4.65-2ubuntu1.1.debdiff |
|
2023-02-17 13:34:01 |
Paulo Flabiano Smorigo |
lighttpd (Ubuntu Focal): assignee |
|
Paulo Flabiano Smorigo (pfsmorigo) |
|
2023-02-17 13:34:03 |
Paulo Flabiano Smorigo |
lighttpd (Ubuntu Kinetic): assignee |
|
Paulo Flabiano Smorigo (pfsmorigo) |
|
2023-02-27 19:28:24 |
Launchpad Janitor |
lighttpd (Ubuntu Kinetic): status |
New |
Fix Released |
|
2023-02-27 19:28:27 |
Launchpad Janitor |
lighttpd (Ubuntu Focal): status |
New |
Fix Released |
|
2023-02-27 19:42:11 |
Launchpad Janitor |
lighttpd (Ubuntu Jammy): status |
New |
Fix Released |
|
2023-03-01 13:23:30 |
Paulo Flabiano Smorigo |
lighttpd (Ubuntu): status |
Confirmed |
Fix Released |
|