|
|
Date: Wed, 21 Nov 2012 13:20:13 +0100 From: Stefan Bühler <stbuehler@...httpd.net> To: oss-security@...ts.openwall.com Cc: lighttpd-announce@...ts.lighttpd.net Subject: lighttpd 1.4.32 released, fixing CVE-2012-5533 Hi, we just released lighttpd 1.4.32, fixing a DoS reported by Jesse Sipprell from McClatchy Interactive, Inc. Sending "Connection: TE,,Keep-Alive" as header will trigger an endless loop; as lighttpd is single threaded all request handling will stop immediately. Only lighttpd 1.4.31 is affected by this. For more details and other changes see: * www.lighttpd.net/2012/11/21/1-4-32/ * download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt Regards, Stefan [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.