FEDORA-EPEL-2015-35e240edd9 created by athmane 3 years ago for Fedora EPEL 6
unpushed

Fix RHBZ #887451 / CVE-2012-5640 and #924857 / CVE-2013-0348.

This update has been submitted for testing by athmane. 3 years ago
This update has been pushed to testing. 3 years ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 3 years ago
User Icon ttorling commented & provided feedback 3 years ago

This has been in testing for 328 days. Is the maintainer still active? It seems to me that this should either be pushed to stable or cancelled.

User Icon athmane commented & provided feedback 3 years ago

It orphaned [1], I tried to fix the security bugs but upstream does not accept patches anymore.

There's a couple alternative lightweight httpd with static content support only (darkhttpd)

[1] https://admin.fedoraproject.org/pkgdb/package/rpms/thttpd/

This update has been unpushed.


Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
BZ#887451 CVE-2012-5640 thttpd: Denial of Service when using glibc, crypt() can return NULL [epel-all]
0
0
BZ#924857 CVE-2013-0348 thttpd: World-readable log file
0
0
BZ#924859 CVE-2013-0348 thttpd: World-readable log file [epel-all]
0
0

Automated Test Results