lighttpd: Repeatable --- SIGSEGV (Segmentation fault) @ 0 (0) ---

Related Vulnerabilities: CVE-2007-2841  

Debian Bug report logs - #428368

Reported by: Olaf van der Spek <OlafvdSpek@GMail.Com>

Date: Mon, 11 Jun 2007 09:48:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security

Merged with 433806

Found in versions lighttpd/1.4.13-4etch4, lighttpd/1.4.15-1, lighttpd/1.4.13-4

Fixed in versions 1.4.15-1.1, lighttpd/1.4.16-1

Done: Krzysztof Krzyzaniak (eloy) <eloy@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://trac.lighttpd.net/trac/ticket/1232



Report forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Olaf van der Spek <OlafvdSpek@GMail.Com>:
New Bug report received and forwarded. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Olaf van der Spek <OlafvdSpek@GMail.Com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lighttpd: Repeatable --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Date: Mon, 11 Jun 2007 11:45:59 +0200
Package: lighttpd
Version: 1.4.13-4etch4
Severity: important

Hi,

If I repeat this request, Lighttpd crashes.

GET / HTTP/1.1
Connection: keep-alive
Host: h
Location: h
Location: h
 i

poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [16])                = 0
read(6, "GET / HTTP/1.1\r\n", 63)       = 16
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [24])                = 0
read(6, "Connection: keep-alive\r\n", 63) = 24
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [9])                 = 0
read(6, "Host: h\r\n", 63)              = 9
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [13])                = 0
read(6, "Location: h\r\n", 63)          = 13
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [13])                = 0
read(6, "Location: h\r\n", 63)          = 13
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [4])                 = 0
read(6, " i\r\n", 63)                   = 4
time(NULL)                              = 1181554965
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [2])                 = 0
read(6, "\r\n", 63)                     = 2
stat64("/var/www/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/var/www/index.php", 0xbffd95e8) = -1 ENOENT (No such file or directory)
stat64("/var/www/index.html", {st_mode=S_IFREG|0644, st_size=3586, ...}) = 0
open("/var/www/index.html", O_RDONLY|O_LARGEFILE) = 7
close(7)                                = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1074, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1074, ...}) = 0
setsockopt(6, SOL_TCP, TCP_CORK, [1], 4) = 0
writev(6, [{"HTTP/1.1 200 OK\r\nContent-Type: t"..., 214}], 1) = 214
open("/var/www/index.html", O_RDONLY|O_LARGEFILE) = 7
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
sendfile64(6, 7, [0], 3586)             = 3586
close(7)                                = 0
setsockopt(6, SOL_TCP, TCP_CORK, [0], 4) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1074, ...}) = 0
write(3, "192.168.0.128 h - [11/Jun/2007:1"..., 81) = 81
ioctl(6, FIONREAD, [0])                 = 0
read(6, 0x80d7a18, 63)                  = -1 EAGAIN (Resource temporarily unavailable)
time(NULL)                              = 1181554966
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}], 2, 1000) = 0
time(NULL)                              = 1181554967
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}], 2, 1000) = 0
time(NULL)                              = 1181554968
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [16])                = 0
read(6, "GET / HTTP/1.1\r\n", 63)       = 16
time(NULL)                              = 1181554968
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [59])                = 0
read(6, "Connection: keep-alive\r\nHost: h\r"..., 63) = 59
time(NULL)                              = 1181554968
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [4])                 = 0
read(6, " i\r\n", 63)                   = 4
time(NULL)                              = 1181554969
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [2])                 = 0
read(6, "\r\n", 63)                     = 2
stat64("/var/www/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/var/www/index.php", 0xbffd95e8) = -1 ENOENT (No such file or directory)
stat64("/var/www/index.html", {st_mode=S_IFREG|0644, st_size=3586, ...}) = 0
open("/var/www/index.html", O_RDONLY|O_LARGEFILE) = 7
close(7)                                = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1074, ...}) = 0
setsockopt(6, SOL_TCP, TCP_CORK, [1], 4) = 0
writev(6, [{"HTTP/1.1 200 OK\r\nContent-Type: t"..., 214}], 1) = 214
open("/var/www/index.html", O_RDONLY|O_LARGEFILE) = 7
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
sendfile64(6, 7, [0], 3586)             = 3586
close(7)                                = 0
setsockopt(6, SOL_TCP, TCP_CORK, [0], 4) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1074, ...}) = 0
write(3, "192.168.0.128 h - [11/Jun/2007:1"..., 81) = 81
ioctl(6, FIONREAD, [0])                 = 0
read(6, 0x80d7808, 63)                  = -1 EAGAIN (Resource temporarily unavailable)
time(NULL)                              = 1181554969
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [16])                = 0
read(6, "GET / HTTP/1.1\r\n", 63)       = 16
time(NULL)                              = 1181554970
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [59])                = 0
read(6, "Connection: keep-alive\r\nHost: h\r"..., 63) = 59
time(NULL)                              = 1181554970
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [4])                 = 0
read(6, " i\r\n", 63)                   = 4
time(NULL)                              = 1181554970
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN, revents=POLLIN}], 2, 1000) = 1
ioctl(6, FIONREAD, [2])                 = 0
read(6, "\r\n", 63)                     = 2
stat64("/var/www/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/var/www/index.php", 0xbffd95e8) = -1 ENOENT (No such file or directory)
stat64("/var/www/index.html", {st_mode=S_IFREG|0644, st_size=3586, ...}) = 0
open("/var/www/index.html", O_RDONLY|O_LARGEFILE) = 7
close(7)                                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 2071 detached

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages lighttpd depends on:
ii  libattr1                    2.4.32-1     Extended attribute shared library
ii  libbz2-1.0                  1.0.3-6      high-quality block-sorting file co
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libldap2                    2.1.30-13.3  OpenLDAP libraries
ii  libpcre3                    6.7-1        Perl 5 Compatible Regular Expressi
ii  libssl0.9.8                 0.9.8c-4     SSL shared libraries
ii  lsb-base                    3.1-23.1     Linux Standard Base 3.1 init scrip
ii  mime-support                3.39-1       MIME files 'mime.types' & 'mailcap
ii  zlib1g                      1:1.2.3-13   compression library - runtime

Versions of packages lighttpd recommends:
pn  php4-cgi | php5-cgi           <none>     (no description available)

-- no debconf information
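The request in the report above pairs a duplicate header name with a folded continuation line; lighttpd's array_insert_unique() frees the duplicate entry, so appending the continuation through a pointer saved before the merge dereferences freed memory, which is the SIGSEGV in the strace. The following C parser is an added example, not lighttpd's code: it merges duplicates the same way and, on a continuation line, looks the entry up again by its remembered key instead of keeping a pointer across the merge (the approach the dpatch later in this thread takes); the table, the function names and the SAMPLE input are constructed for this illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_HEADERS 16
#define MAX_KEY 64
typedef struct { char *key; char *value; } header_t;
typedef struct { header_t h[MAX_HEADERS]; int n; } header_table_t;

static header_t *table_get(header_table_t *t, const char *key) {
    for (int i = 0; i < t->n; i++)
        if (strcasecmp(t->h[i].key, key) == 0) return &t->h[i];
    return NULL;
}

static char *xstrndup(const char *s, size_t n) {
    char *p = malloc(n + 1); if (!p) abort();
    memcpy(p, s, n); p[n] = '\0';
    return p;
}

/* Append sep followed by s[0..n) to h->value, growing the buffer. */
static int append_value(header_t *h, const char *sep, const char *s, size_t n) {
    size_t old = strlen(h->value), sl = strlen(sep);
    char *p = realloc(h->value, old + sl + n + 1);
    if (!p) return -1;
    memcpy(p + old, sep, sl); memcpy(p + old + sl, s, n);
    p[old + sl + n] = '\0';
    h->value = p;
    return 0;
}

/* Mirrors array_insert_unique(): a repeated key merges into the existing entry
 * and no second entry survives, so callers never hold a pointer to one. */
static int table_insert_unique(header_table_t *t, const char *key, size_t klen,
                               const char *val, size_t vlen) {
    char kbuf[MAX_KEY];
    if (klen == 0 || klen >= sizeof kbuf) return -1;
    memcpy(kbuf, key, klen); kbuf[klen] = '\0';
    header_t *old = table_get(t, kbuf);
    if (old) return append_value(old, ", ", val, vlen);
    if (t->n == MAX_HEADERS) return -1;
    t->h[t->n].key = xstrndup(key, klen);
    t->h[t->n].value = xstrndup(val, vlen);
    t->n++;
    return 0;
}

/* Parse "Key: value" lines (CRLF or LF) up to the empty line; a line starting
 * with SP or HT continues the previous header (RFC 2616 folding). Returns 0,
 * 400 (malformed, including a continuation before any header) or -1 (limit). */
static int parse_headers(const char *raw, header_table_t *t) {
    char last_key[MAX_KEY] = "";        /* remember the KEY, never the entry */
    const char *line = raw;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len && line[len - 1] == '\r') len--;
        if (len == 0) break;            /* end of the header block */
        if (line[0] == ' ' || line[0] == '\t') {
            if (last_key[0] == '\0') return 400;
            header_t *h = table_get(t, last_key);  /* fresh lookup after any merge */
            if (!h) return 400;
            size_t s = 0;
            while (s < len && (line[s] == ' ' || line[s] == '\t')) s++;
            if (append_value(h, " ", line + s, len - s) != 0) return -1;
        } else {
            const char *colon = memchr(line, ':', len);
            if (!colon) return 400;
            size_t klen = (size_t)(colon - line);
            if (klen == 0 || klen >= sizeof last_key) return 400;
            const char *v = colon + 1; size_t vlen = len - klen - 1;
            while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            if (table_insert_unique(t, line, klen, v, vlen) != 0) return -1;
            memcpy(last_key, line, klen); last_key[klen] = '\0';
        }
        if (!eol) break;
        line = eol + 1;
    }
    return 0;
}

static void table_free(header_table_t *t) {
    for (int i = 0; i < t->n; i++) { free(t->h[i].key); free(t->h[i].value); }
}

/* Parse raw and return its status, or -2 when parsing succeeded but header
 * `key` is missing or differs from `expect` (expect == NULL skips that check). */
static int check(const char *raw, const char *key, const char *expect) {
    header_table_t t = { .n = 0 };
    int rc = parse_headers(raw, &t);
    if (rc == 0 && expect) {
        header_t *h = table_get(&t, key);
        if (!h || strcmp(h->value, expect) != 0) rc = -2;
    }
    table_free(&t);
    return rc;
}
/* Constructed sample: the header block of the request in the bug report. */
static const char SAMPLE[] =
    "Connection: keep-alive\r\nHost: h\r\nLocation: h\r\nLocation: h\r\n i\r\n\r\n";
```

With the sample, check(SAMPLE, "Location", "h, h i") returns 0 because the folded " i" lands on the merged entry, and a block whose first line is a continuation is rejected with 400 instead of being attached to anything.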



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Olaf van der Spek <OlafvdSpek@GMail.Com>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #10 received at 428368@bugs.debian.org:

From: Olaf van der Spek <OlafvdSpek@GMail.Com>
To: Debian Bug Tracking System <428368@bugs.debian.org>
Subject: lighttpd: 1.4.15 is vulnerable too
Date: Mon, 11 Jun 2007 11:56:18 +0200
Package: lighttpd
Version: 1.4.15-1
Followup-For: Bug #428368

Hi,

1.4.15 is vulnerable too.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages lighttpd depends on:
ii  libattr1                    1:2.4.32-1.1 Extended attribute shared library
ii  libbz2-1.0                  1.0.3-6      high-quality block-sorting file co
ii  libc6                       2.5-9+b1     GNU C Library: Shared libraries
ii  libldap2                    2.1.30-13.4  OpenLDAP libraries
ii  libpcre3                    6.7-1        Perl 5 Compatible Regular Expressi
ii  libssl0.9.8                 0.9.8e-5     SSL shared libraries
ii  lsb-base                    3.1-23.1     Linux Standard Base 3.1 init scrip
ii  mime-support                3.39-1       MIME files 'mime.types' & 'mailcap
ii  perl                        5.8.8-7      Larry Wall's Practical Extraction 
ii  zlib1g                      1:1.2.3-15   compression library - runtime

Versions of packages lighttpd recommends:
pn  php4-cgi | php5-cgi           <none>     (no description available)

-- no debconf information



Severity set to `grave' from `important'. Request was from Olaf van der Spek <OvdSpek@LIACS.NL> to control@bugs.debian.org. (Mon, 11 Jun 2007 10:03:04 GMT)


Noted your statement that Bug has been forwarded to http://trac.lighttpd.net/trac/ticket/1232. Request was from Olaf van der Spek <OvdSpek@LIACS.NL> to control@bugs.debian.org. (Mon, 11 Jun 2007 10:03:05 GMT)


Tags added: security. Request was from Olaf van der Spek <Olaf@XWIS.Net> to control@bugs.debian.org. (Sat, 16 Jun 2007 16:18:16 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #21 received at 428368@bugs.debian.org:

From: Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>
To: Olaf van der Spek <OlafvdSpek@GMail.Com>, 428368@bugs.debian.org
Subject: Re: Bug#428368: lighttpd: 1.4.15 is vulnerable too
Date: Mon, 16 Jul 2007 03:02:19 +0200
Olaf van der Spek <OlafvdSpek@GMail.Com> (11/06/2007):
> 1.4.15 is vulnerable too.

Hi,

I'm unable to reproduce this, but FWIW, it looks like upstream has fixed
this problem, see [1]. The patch on src/request.c applies cleanly on
1.4.15-1.

 1. http://trac.lighttpd.net/trac/ticket/1232

Cheers,

-- 
Cyril Brulebois

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Pierre Habouzit <madcoder@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #26 received at 428368@bugs.debian.org:

From: Pierre Habouzit <madcoder@debian.org>
To: 428368@bugs.debian.org, security@debian.org
Subject: lighttpd vuln patch
Date: Fri, 20 Jul 2007 11:02:07 +0200
  attached is the patch that fixes it. I'm going to NMU lighttpd in
unstable; please could someone take care of etch.

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Pierre Habouzit <madcoder@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #31 received at 428368@bugs.debian.org:

From: Pierre Habouzit <madcoder@debian.org>
To: 428368@bugs.debian.org, security@debian.org
Subject: Re: Bug#428368: lighttpd vuln patch
Date: Fri, 20 Jul 2007 11:07:33 +0200
On Fri, Jul 20, 2007 at 11:02:07AM +0200, Pierre Habouzit wrote:
>   attached is the patch that fixes it. I'm going to NMU lighttpd in
> unstable; please could someone take care of etch.

  I obviously forgot the patch...

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org
[04_wrapping_headers_bugfix.dpatch (text/plain, inline)]
#! /bin/sh /usr/share/dpatch/dpatch-run
## 04_wrapping_headers_bugfix.dpatch by Pierre Habouzit <madcoder@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad lighttpd-1.4.15~/src/request.c lighttpd-1.4.15/src/request.c
--- lighttpd-1.4.15~/src/request.c	2007-04-13 17:26:31.000000000 +0200
+++ lighttpd-1.4.15/src/request.c	2007-07-20 11:03:12.000000000 +0200
@@ -284,8 +284,6 @@
 
 	int done = 0;
 
-	data_string *ds = NULL;
-
 	/*
 	 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
 	 * Option : "^([-a-zA-Z]+): (.+)$"
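Review bot: removing the function-scope `data_string *ds = NULL;` is the core of the fix, since a `ds` that outlives its header line is exactly what goes stale once array_insert_unique() frees a duplicate entry; with the declaration gone, any other use of `ds` in this function outside the new block-scoped one will no longer compile, so confirm the build and a tests/core-request.t run before the NMU. Also, the dpatch header above still reads `## DP: No description.`; it should at least name #428368, CVE-2007-2841 and upstream ticket 1232.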
@@ -715,12 +713,24 @@
 			switch(*cur) {
 			case '\r':
 				if (con->parse_request->ptr[i+1] == '\n') {
+					data_string *ds = NULL;
+
 					/* End of Headerline */
 					con->parse_request->ptr[i] = '\0';
 					con->parse_request->ptr[i+1] = '\0';
 
 					if (in_folding) {
-						if (!ds) {
+						buffer *key_b;
+						/**
+						 * we use a evil hack to handle the line-folding
+						 * 
+						 * As array_insert_unique() deletes 'ds' in the case of a duplicate
+						 * ds points somewhere and we get a evil crash. As a solution we keep the old
+						 * "key" and get the current value from the hash and append us
+						 *
+						 * */
+
+						if (!key || !key_len) {
 							/* 400 */
 
 							if (srv->srvconf.log_request_header_on_error) {
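Review bot: the new `if (!key || !key_len)` check only catches a stray continuation line because a later hunk stops resetting `key_len` after each header; the two hunks depend on each other and the comment here should say so rather than only calling the scheme an evil hack. The comment also needs tidying: "a evil hack", "a evil crash" and "append us" are garbled, and the block ends with a stray `* */`; something like "array_insert_unique() frees 'ds' when the key already exists, so a saved 'ds' is dangling; keep the key and look the entry up again" states the actual bug.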
@@ -737,7 +747,15 @@
 							con->response.keep_alive = 0;
 							return 0;
 						}
-						buffer_append_string(ds->value, value);
+
+						key_b = buffer_init();
+						buffer_copy_string_len(key_b, key, key_len);
+
+						if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
+							buffer_append_string(ds->value, value);
+						}
+
+						buffer_free(key_b);
 					} else {
 						int s_len;
 						key = con->parse_request->ptr + first;
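Review bot: if array_get_element() returns NULL the folded text is silently discarded and the request still proceeds; the only way to reach that is a key that was never stored, which the 400 branch above is meant to cover, so either return 400 on NULL as well or add a comment explaining why it cannot happen. Minor: the buffer_init()/buffer_copy_string_len()/buffer_free() round trip on every continuation line exists only to NUL-terminate `key` for the lookup; a lookup that takes a length would avoid the allocation.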
@@ -969,7 +987,12 @@
 					first = i+1;
 					is_key = 1;
 					value = 0;
-					key_len = 0;
+#if 0
+					/**
+					 * for Bug 1230 keep the key_len a live
+					 */
+					key_len = 0; 
+#endif
 					in_folding = 0;
 				} else {
 					if (srv->srvconf.log_request_header_on_error) {
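Review bot: wrapping `key_len = 0;` in `#if 0` leaves dead code in place; delete the line and keep the explanation as a comment. That comment cites "Bug 1230" while the added tests say #1209 and this report was forwarded to upstream ticket 1232, so the reference should be corrected. Note what keeping `key_len` implies: nothing in this hunk resets `key` either, so after every header line the previous key stays visible to the folding branch, and `if (!key || !key_len)` rejects a continuation only before the first header, which is the intended behaviour. There is also trailing whitespace after `key_len = 0;`.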
diff -urNad lighttpd-1.4.15~/tests/core-request.t lighttpd-1.4.15/tests/core-request.t
--- lighttpd-1.4.15~/tests/core-request.t	2007-02-08 17:34:47.000000000 +0100
+++ lighttpd-1.4.15/tests/core-request.t	2007-07-20 11:03:12.000000000 +0200
@@ -8,7 +8,7 @@
 
 use strict;
 use IO::Socket;
-use Test::More tests => 33;
+use Test::More tests => 36;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -273,6 +273,38 @@
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 ok($tf->handle_http($t) == 0, 'uppercase filenames');
 
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/1.0
+Location: foo
+Location: foobar
+  baz
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping');
+
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/1.0
+Location: 
+Location: foobar
+  baz
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 2');
+
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/1.0
+A: 
+Location: foobar
+  baz
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 3');
+
+
+
 
 ok($tf->stop_proc == 0, "Stopping lighttpd");
 
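Review bot: the three new cases assert only on HTTP-Status 200, i.e. that the server stays up; none checks that "baz" actually reached the merged Location value, so a fix that silently drops the continuation (the NULL path in the request.c hunk) would still pass. If LightyTest can observe the parsed request headers, at least the first case should assert on the resulting value. The labels say "#1209" while the dpatch is for this report and upstream ticket 1232, and the hunk adds three trailing blank lines before the stop_proc test.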

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Pierre Habouzit <madcoder@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #36 received at 428368@bugs.debian.org:

From: Pierre Habouzit <madcoder@debian.org>
To: 428368@bugs.debian.org
Subject: diff for 1.4.15-1.1 NMU
Date: Fri, 20 Jul 2007 11:08:05 +0200
Hi,

Attached is the diff for my lighttpd 1.4.15-1.1 NMU.
[lighttpd-1.4.15-1.1-nmu.diff (text/plain, attachment)]

Tags added: patch. Request was from Pierre Habouzit <madcoder@debian.org> to control@bugs.debian.org. (Fri, 20 Jul 2007 09:12:02 GMT)


Forcibly Merged 428368 433806. Request was from Pierre Habouzit <madcoder@debian.org> to control@bugs.debian.org. (Fri, 20 Jul 2007 09:15:06 GMT)


Reply sent to Pierre Habouzit <madcoder@debian.org>:
You have taken responsibility.


Notification sent to Olaf van der Spek <OlafvdSpek@GMail.Com>:
Bug acknowledged by developer.


Message #45 received at 428368-close@bugs.debian.org:

From: Pierre Habouzit <madcoder@debian.org>
To: 428368-close@bugs.debian.org
Subject: Bug#428368: fixed in lighttpd 1.4.15-1.1
Date: Fri, 20 Jul 2007 09:32:03 +0000
Source: lighttpd
Source-Version: 1.4.15-1.1

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:

lighttpd-doc_1.4.15-1.1_all.deb
  to pool/main/l/lighttpd/lighttpd-doc_1.4.15-1.1_all.deb
lighttpd-mod-cml_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.15-1.1_amd64.deb
lighttpd-mod-magnet_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.15-1.1_amd64.deb
lighttpd-mod-mysql-vhost_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.15-1.1_amd64.deb
lighttpd-mod-trigger-b4-dl_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.15-1.1_amd64.deb
lighttpd-mod-webdav_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.15-1.1_amd64.deb
lighttpd_1.4.15-1.1.diff.gz
  to pool/main/l/lighttpd/lighttpd_1.4.15-1.1.diff.gz
lighttpd_1.4.15-1.1.dsc
  to pool/main/l/lighttpd/lighttpd_1.4.15-1.1.dsc
lighttpd_1.4.15-1.1_amd64.deb
  to pool/main/l/lighttpd/lighttpd_1.4.15-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 428368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Habouzit <madcoder@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Fri, 20 Jul 2007 11:04:07 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source amd64 all
Version: 1.4.15-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Pierre Habouzit <madcoder@debian.org>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 428368
Changes: 
 lighttpd (1.4.15-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
     headers (Closes: 428368).
Files: 





Reply sent to Pierre Habouzit <madcoder@debian.org>:
You have taken responsibility.


Notification sent to debbug.lighttpd@sub.noloop.net:
Bug acknowledged by developer.


Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #55 received at 428368@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Pierre Habouzit <madcoder@debian.org>
Cc: 428368@bugs.debian.org, security@debian.org
Subject: Re: lighttpd vuln patch
Date: Fri, 20 Jul 2007 15:51:56 +0100
On Fri Jul 20, 2007 at 11:02:07 +0200, Pierre Habouzit wrote:
>   attached is the patch that fixes it. I'm going to NMU lighttpd in
> unstable; please could someone take care of etch.

  Joey, if you could allocate a DoS CVE ID I'll do the upload;
 I've already done lighttpd patches for etch.

Steve
-- 



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Joey Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #60 received at 428368@bugs.debian.org:

From: Joey Schulze <joey@infodrom.org>
To: Steve Kemp <skx@debian.org>
Cc: Pierre Habouzit <madcoder@debian.org>, 428368@bugs.debian.org, security@debian.org
Subject: Re: lighttpd vuln patch
Date: Fri, 20 Jul 2007 18:23:19 +0200
Steve Kemp wrote:
> On Fri Jul 20, 2007 at 11:02:07 +0200, Pierre Habouzit wrote:
> >   attached is the patch that fixes it. I'm going to NMU lighttpd in
> > unstable; please could someone take care of etch.
> 
>   Joey, if you could allocate a DoS CVE ID I'll do the upload;
>  I've already done lighttpd patches for etch.

Please use CVE-2007-2841.

Regards,

	Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.



Bug marked as found in version 1.4.13-4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Sun, 22 Jul 2007 00:09:10 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#428368; Package lighttpd.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>.


Message #67 received at 428368@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Pierre Habouzit <madcoder@debian.org>
Cc: 428368@bugs.debian.org, security@debian.org
Subject: Re: Bug#428368: lighttpd vuln patch
Date: Tue, 24 Jul 2007 10:28:33 +0100
  This one isn't going to get released as-is, as there are a couple
 more pending issues with lighttpd.
  I'll roll them all up once I have valid identifiers for them.

Steve
-- 
# The Debian Security Audit Project.
http://www.debian.org/security/audit




Reply sent to Krzysztof Krzyzaniak (eloy) <eloy@debian.org>:
You have taken responsibility.


Notification sent to Olaf van der Spek <OlafvdSpek@GMail.Com>:
Bug acknowledged by developer.


Message #72 received at 428368-close@bugs.debian.org:

From: Krzysztof Krzyzaniak (eloy) <eloy@debian.org>
To: 428368-close@bugs.debian.org
Subject: Bug#428368: fixed in lighttpd 1.4.16-1
Date: Fri, 27 Jul 2007 10:47:02 +0000
Source: lighttpd
Source-Version: 1.4.16-1

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:

lighttpd-doc_1.4.16-1_all.deb
  to pool/main/l/lighttpd/lighttpd-doc_1.4.16-1_all.deb
lighttpd-mod-cml_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.16-1_i386.deb
lighttpd-mod-magnet_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.16-1_i386.deb
lighttpd-mod-mysql-vhost_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.16-1_i386.deb
lighttpd-mod-trigger-b4-dl_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.16-1_i386.deb
lighttpd-mod-webdav_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.16-1_i386.deb
lighttpd_1.4.16-1.diff.gz
  to pool/main/l/lighttpd/lighttpd_1.4.16-1.diff.gz
lighttpd_1.4.16-1.dsc
  to pool/main/l/lighttpd/lighttpd_1.4.16-1.dsc
lighttpd_1.4.16-1_i386.deb
  to pool/main/l/lighttpd/lighttpd_1.4.16-1_i386.deb
lighttpd_1.4.16.orig.tar.gz
  to pool/main/l/lighttpd/lighttpd_1.4.16.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 428368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Krzysztof Krzyzaniak (eloy) <eloy@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Fri, 27 Jul 2007 10:32:51 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source i386 all
Version: 1.4.16-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Krzysztof Krzyzaniak (eloy) <eloy@debian.org>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 397514 408374 419664 428368 430469 434546 434717
Changes: 
 lighttpd (1.4.16-1) unstable; urgency=low
 .
   * New upstream release (closes: #434546)
   * Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368)
   * Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374)
   * Fixed description of conf-available/10-fastcgi.conf (closes: #430469)
   * Added mod_extforward to debian/lighttpd.install (closes: #434717)
   * config.guess taken from upstream (closes: #419664)
   * turn on compression (closes: #397514)
   * debian/control: XS-Vcs-Svn header added
Files: 





Reply sent to Krzysztof Krzyzaniak (eloy) <eloy@debian.org>:
You have taken responsibility.


Notification sent to debbug.lighttpd@sub.noloop.net:
Bug acknowledged by developer.


Tags added: fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Sun, 29 Jul 2007 14:51:12 GMT)


Tags added: fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Sun, 29 Jul 2007 14:51:15 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:38:44 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:04:38 2019; Machine Name: buxtehude
