TEMP-0783007-4C0B51

Name: TEMP-0783007-4C0B51
Description: http uri parsing issue
Source: Automatically generated temporary name. Not for external reference.
Debian Bugs: 783007

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libhtp (PTS) | wheezy | 0.2.6-2 | vulnerable |
| | buster, sid | 1:0.5.25-1 | fixed |
| suricata (PTS) | wheezy | 1.2.1-2 | fixed |
| | wheezy (security) | 1.2.1-2+deb7u1 | fixed |
| | jessie (security), jessie | 2.0.7-2+deb8u1 | fixed |
| | stretch | 3.2.1-1+deb9u1 | fixed |
| | buster, sid | 1:4.0.1-1 | fixed |

The information below is based on the following data on fixed versions.

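| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libhtp | source | (unstable) | 1:0.5.25-1 | | | 783007 |
| suricata | source | (unstable) | 2.0.7-1 | | | |
| suricata | source | squeeze | (not affected) | | | |
| suricata | source | wheezy | (not affected) | | | |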

Notes

[squeeze] - libhtp <no-dsa> (Minor issue)
if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
[wheezy] - suricata <not-affected> (Uses system-wide libhtp)
[squeeze] - suricata <not-affected> (Uses system-wide libhtp)
https://redmine.openinfosecfoundation.org/issues/1391
https://github.com/OISF/libhtp/commit/1a6c9465fb641f81460392f622d1878d5e87fc00
Fixed in Libhtp 0.5.17 upstream
