Author: gilbert-guest Date: 2011-11-29 23:02:50 +0000 (Tue, 29 Nov 2011) New Revision: 17711 Modified: data/CVE/list Log: lighttpd issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-29 21:14:43 UTC (rev 17710) +++ data/CVE/list 2011-11-29 23:02:50 UTC (rev 17711) @@ -647,8 +647,12 @@ RESERVED CVE-2011-4363 RESERVED -CVE-2011-4362 +CVE-2011-4362 [lighttpd signedness issue dos] RESERVED + - lighttpd <unfixed> (low) + NOTE: http://openwall.com/lists/oss-security/2011/11/29/8 + NOTE: http://redmine.lighttpd.net/issues/2370 + NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package CVE-2011-4361 RESERVED CVE-2011-4360