FS#57167 : [sthttpd] [Security] denial of service (CVE-2017-10671)

FS#57167 - [sthttpd] [Security] denial of service (CVE-2017-10671)

Attached to Project: Community Packages
Opened by Tyler Bennett (arch3y) - Friday, 19 January 2018, 22:15 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 20 January 2018, 08:30 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Gaetan Bisson (vesath) Levente Polyak (anthraxx)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package sthttpd is vulnerable to denial of service via CVE-2017-10671.

Guidance
========
This should be able to be closed as shttpd version 2.27.1 is in the repo and it is patched per: https://github.com/blueness/sthttpd/releases

References
==========

https://security.archlinux.org/AVG-333
https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660
http://seclists.org/oss-sec/2017/q2/481

This task depends upon

Closed by Gaetan Bisson (vesath)
Saturday, 20 January 2018, 08:30 GMT
Reason for closing: Not a bug
Additional comments about closing: As the report point out, there is really no bug here since we already ship version 2.27.1

Comment by Gaetan Bisson (vesath) - Saturday, 20 January 2018, 08:30 GMT

What point is there to report already-fixed CVEs?

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#57167 - [sthttpd] [Security] denial of service (CVE-2017-10671)

Details

Loading...