[pkg-lighttpd] CVE-2008-4359
Davide Ferrari
davide.ferrari at atrapalo.com
Tue Nov 17 17:16:40 UTC 2009
Hi
I'm hit by the CVE-2008-4359 which broke my regexp for Mediawiki URL handling
in lighttpd 1.4.13-4etch11.
Upstream has reverted it long time ago [1] so can you please revert this patch
as well? It's totally impossibile in Etch's lighttpd to distinguish between
the parameters separator "?" and another generic %3F.
I didn't open a bug cause I want to know your opinion.
TIA
[1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2362
--
Davide Ferrari
Atrapalo.com System Administrator
More information about the pkg-lighttpd-maintainers
mailing list