Author: nion Date: 2011-12-20 13:41:48 +0000 (Tue, 20 Dec 2011) New Revision: 17831 Modified: data/CVE/list Log: debian bug for CVE-2011-4362 Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-20 08:08:54 UTC (rev 17830) +++ data/CVE/list 2011-12-20 13:41:48 UTC (rev 17831) @@ -1576,7 +1576,7 @@ [lenny] - libproc-processtable-perl <no-dsa> (Minor issue) CVE-2011-4362 [lighttpd signedness issue dos] RESERVED - - lighttpd <unfixed> (low) + - lighttpd <unfixed> (low; bug #652726) NOTE: http://openwall.com/lists/oss-security/2011/11/29/8 NOTE: http://redmine.lighttpd.net/issues/2370 NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package