Hi, I just had a look at boa, which is affected by CVE-2017-9833.
IMHO, I do not think it's worth taking time for this completely outdated, single-tasking, potentially dangerous webserver. It hasn't seen an update for 12+ years (last rc 2005?), doesn't support SSL, access authentication, etc. Does anybody know whether our sponsors have interest in boa ? Otherwise I think we should declare it unsupported. Cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
signature.asc
Description: PGP signature