[Secure-testing-commits] r17711 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Nov 29 23:02:50 UTC 2011
Author: gilbert-guest
Date: 2011-11-29 23:02:50 +0000 (Tue, 29 Nov 2011)
New Revision: 17711
Modified:
data/CVE/list
Log:
lighttpd issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-11-29 21:14:43 UTC (rev 17710)
+++ data/CVE/list 2011-11-29 23:02:50 UTC (rev 17711)
@@ -647,8 +647,12 @@
RESERVED
CVE-2011-4363
RESERVED
-CVE-2011-4362
+CVE-2011-4362 [lighttpd signedness issue dos]
RESERVED
+ - lighttpd <unfixed> (low)
+ NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
+ NOTE: http://redmine.lighttpd.net/issues/2370
+ NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package
CVE-2011-4361
RESERVED
CVE-2011-4360
More information about the Secure-testing-commits
mailing list