Lighttpd

2013-02-21

01:34 Bug #2478 (Need Feedback): invalid memory read in qop=auth-int "handling"

* with how big of bodies did you test that?
* did you test it with fastcgi?
darix

00:57 Bug #2478 (Fixed): invalid memory read in qop=auth-int "handling"

When qop == "auth-int" in an HTTP Digest authorization request, A2 is supposed to include an MD5sum of the message bo... oinkaroonie

2013-02-17

15:13 Bug #2476: Vunerable to CRIME SSL attack

OK, thank you. Hopefuly this issue will be visible in search engines so others will know. GDR

13:44 Bug #2476 (Invalid): Vunerable to CRIME SSL attack

You need to compile against a recent version of openssl (>= 1.0.0 probably); our source tries to use SSL_OP_NO_COMPRE... stbuehler

13:20 Bug #2476: Vunerable to CRIME SSL attack

lighttpd.net seems to be affected too: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.lighttpd.net%2F GDR

13:19 Bug #2476 (Invalid): Vunerable to CRIME SSL attack

I've tested my instance of lighttpd 1.4.32 with this tool: https://www.ssllabs.com/ssltest/
The result of the test... GDR