FEDORA-2015-06a7c972e8

security update in Fedora 23 for thttpd

Status: testing 3 years ago

Add a patch to fix RHBZ #924857 / CVE-2013-0348


  • Add patch to fix RHBZ #887451 / CVE-2012-5640
  • Fix fedora logo issue (RHBZ #1114423).
  • Enable PIE flags (RHBZ #955129)
  • Use systemd for post-rotate script (RHBZ #1218259)

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2015-06a7c972e8

Comments 10

This update has been submitted for testing by athmane.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

$ rpm -q thttpd

thttpd-2.25b-36.fc23.i686

$ ls -l /var/log/thttpd.log

-rw-------. 1 thttpd www 858 Dec 7 21:29 /var/log/thttpd.log

karma: +1 #924857: +1

athmane edited this update.

New build(s):

  • thttpd-2.25b-37.fc23

Removed build(s):

  • thttpd-2.25b-36.fc23

This update has been submitted for testing by athmane.

This update has obsoleted thttpd-2.25b-35.fc23, and has inherited its bugs and notes.

This update has been pushed to testing.

thanks!

karma: +1 #924857: +1 #1114423: +1 #955129: +1 #1218259: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#887451 CVE-2012-5640 thttpd: Denial of Service when using glibc, crypt() can return NULL [epel-all]
#924857 CVE-2013-0348 thttpd: World-readable log file
#955129 thttpd package should be built with PIE flags
#1114423 broken symlink to poweredby.png
#1218259 thttpd has incorrect logrotate postrotate script following move to systemd
Content Type
RPM
Status
testing
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
modified 3 years ago

Related Bugs 5

00 #887451 CVE-2012-5640 thttpd: Denial of Service when using glibc, crypt() can return NULL [epel-all]
0+1 #924857 CVE-2013-0348 thttpd: World-readable log file
0+1 #955129 thttpd package should be built with PIE flags
0+1 #1114423 broken symlink to poweredby.png
0+1 #1218259 thttpd has incorrect logrotate postrotate script following move to systemd

Automated Test Results