Re: [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

2008-10-06 Thread Steve Kemp
On Mon Oct 06, 2008 at 20:40:36 +0200, Gerfried Fuchs wrote:

>  From reading the changelog these issues have all three been addressed
> in the 1.4.19-5 upload which was done a week ago already. Was this
> missed, or are the patches therein considered incomplete?

  This was missed.

Steve
-- 
Managed Anti-Spam Service
http://mail-scanning.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

2008-10-06 Thread Gerfried Fuchs
* Steve Kemp <[EMAIL PROTECTED]> [2008-10-06 19:29:51 CEST]:
> CVE-2008-4298
> A memory leak in the http_request_parse function could be used by
> remote attackers to cause lighttpd to consume memory, and cause a
> denial of service attack.
> 
> CVE-2008-4359
> Inconsistent handling of URL patterns could lead to the disclosure
> of resources a server administrator did not anticipate when using
> rewritten URLs.
> 
> CVE-2008-4360
> Upon file systems which don't handle case-insensitive paths differently
> it might be possible that unanticipated resources could be made available
> by mod_userdir.
> 
> For the stable distribution (etch), these problems have been fixed in version
> 1.4.13-4etch11.
> 
> For the unstable distribution (sid), these problems will be fixed shortly.

 From reading the changelog these issues have all three been addressed
in the 1.4.19-5 upload which was done a week ago already. Was this
missed, or are the patches therein considered incomplete?

 Thanks,
Rhonda

