Lighttpd

2022-08-15

03:30 Bug #3170 (Fixed): mod_ajp13 read heap buffer overflow

Applied in changeset commit:0b49e767b906d6861f63d3764001bd73a65265dc. gstrauss

03:17 Bug #3170 (Patch Pending): mod_ajp13 read heap buffer overflow

Thank you for the bug report and for the details to reproduce.
A malicious backend can trigger a 1-byte unsigned int... gstrauss

03:19 Revision 0b49e767: [mod_ajp13] fix crash with bad response headers (fixes #3170)

fix crash with bad response headers from AJP13 backend
(thx Michał Dardas)
x-ref:
"mod_ajp13 read heap buffer ove... gstrauss

2022-08-14

15:25 Bug #3169 (Missing Feedback): segfault in mod_status

Thanks for the update.
I'll mark the issue as Missing Feedback since it could not be reproduced (yet)
If the is... gstrauss

11:45 Bug #3169: segfault in mod_status

i installed version 1.4.66 from source and run it in gdb.
as my homepage has little traffic i used wget locally to ... Kio

13:22 Bug #3170 (Fixed): mod_ajp13 read heap buffer overflow

Read heap buffer overflow happens when the server receives malformed response from AJP backend.
The vulnerability ... mmmds

2022-08-13

20:32 Bug #3169 (Need Feedback): segfault in mod_status

gstrauss

2022-08-12

23:36 Revision 6524a2fb: Update comment about TCP_INFO on OpenBSD

github: closes #113 brad@comstyle.com