FS#57167 - [sthttpd] [Security] denial of service (CVE-2017-10671)
Attached to Project:
Community Packages
Opened by Tyler Bennett (arch3y) - Friday, 19 January 2018, 22:15 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 20 January 2018, 08:30 GMT
Opened by Tyler Bennett (arch3y) - Friday, 19 January 2018, 22:15 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 20 January 2018, 08:30 GMT
|
Details
Summary
======= The package sthttpd is vulnerable to denial of service via CVE-2017-10671. Guidance ======== This should be able to be closed as shttpd version 2.27.1 is in the repo and it is patched per: https://github.com/blueness/sthttpd/releases References ========== https://security.archlinux.org/AVG-333 https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660 http://seclists.org/oss-sec/2017/q2/481 |
This task depends upon
Closed by Gaetan Bisson (vesath)
Saturday, 20 January 2018, 08:30 GMT
Reason for closing: Not a bug
Additional comments about closing: As the report point out, there is really no bug here since we already ship version 2.27.1
Saturday, 20 January 2018, 08:30 GMT
Reason for closing: Not a bug
Additional comments about closing: As the report point out, there is really no bug here since we already ship version 2.27.1
Comment by Gaetan Bisson (vesath) -
Saturday, 20 January 2018, 08:30 GMT
What point is there to report already-fixed CVEs?