CVE-2011-4362

Name: CVE-2011-4362
Description: Integer signedness error in the base64_decode function in the HTTP ...
Source: CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
References: DSA-2368-1
Debian Bugs: 652726
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  | Release            | Version             | Status
lighttpd (PTS)  | squeeze            | 1.4.28-2+squeeze1.5 | fixed
                | squeeze (security) | 1.4.28-2+squeeze1.6 | fixed
                | wheezy             | 1.4.31-4+deb7u2     | fixed
                | wheezy (security)  | 1.4.31-4+deb7u3     | fixed
                | jessie, sid        | 1.4.35-2            | fixed

The information above is based on the following data on fixed versions.

Package  | Type   | Release    | Fixed Version     | Urgency | Origin     | Debian Bugs
lighttpd | source | (unstable) | 1.4.30-1          | low     |            | 652726
lighttpd | source | lenny      | 1.4.19-5+lenny3   |         | DSA-2368-1 |
lighttpd | source | squeeze    | 1.4.28-2+squeeze1 |         | DSA-2368-1 |

Notes

http://openwall.com/lists/oss-security/2011/11/29/8
http://redmine.lighttpd.net/issues/2370
The announcement says that the Debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in Debian and upstream), so if upstream is affected, so too is the Debian package.
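The integer signedness error the description names, shown as an added example that is not lighttpd's code: a constructed base64 decoder whose reverse-table lookup contrasts the unsafe plain-char index with the hardened unsigned-char lookup that rejects bytes outside the alphabet. Table layout, function names and the sample inputs are assumptions, not taken from the affected package.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not lighttpd's code: ASCII byte -> 6-bit value, -1 = invalid. */
static signed char base64_reverse_table[256];

static void init_table(void) {
    const char *alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(base64_reverse_table, -1, sizeof base64_reverse_table);
    for (int i = 0; alphabet[i] != '\0'; i++)
        base64_reverse_table[(unsigned char)alphabet[i]] = (signed char)i;
}
/* The signedness error: a plain char as table index. Where char is signed,
 * a byte >= 0x80 sign-extends to a negative index and the lookup reads
 * before the table. Returns the index that would be used, not the read. */
static int unchecked_index(char c) {
    return c;
}
/* Hardened lookup: the cast keeps the index in 0..255; -1 means reject. */
static int safe_lookup(char c) {
    return base64_reverse_table[(unsigned char)c];
}
/* Decode in[0..in_len) into out; '=' ends the input. Returns the decoded
 * length, or -1 on an invalid byte or when out_len is too small. */
static int base64_decode(const char *in, size_t in_len,
                         unsigned char *out, size_t out_len) {
    unsigned int acc = 0;
    int bits = 0, n = 0;
    init_table();
    for (size_t i = 0; i < in_len && in[i] != '='; i++) {
        int v = safe_lookup(in[i]);
        if (v < 0) return -1;              /* invalid byte: stop, never index on it */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if ((size_t)n >= out_len) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return n;
}
/* Check helper: 1 if b64 decodes exactly to expected, else 0. */
static int decodes_to(const char *b64, const char *expected) {
    unsigned char buf[64];
    int n = base64_decode(b64, strlen(b64), buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) &&
           memcmp(buf, expected, (size_t)n) == 0;
}
```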
