Information on source package yaws

Available versions

ReleaseVersion
buster2.0.6+dfsg-1+deb10u1
bullseye2.0.8+dfsg-3
bookworm2.1.1+dfsg-2
trixie2.1.1+dfsg-2
sid2.1.1+dfsg-2

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2009-4495vulnerablevulnerablevulnerablevulnerablevulnerableYaws 1.85 writes data to a log file without sanitizing non-printable c ...

Resolved issues

BugDescription
CVE-2020-24916CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...
CVE-2020-24379WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...
CVE-2017-10974Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ...
CVE-2016-1000108yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 ...
CVE-2011-5025Multiple cross-site scripting (XSS) vulnerabilities in the wiki applic ...
CVE-2011-4350Yaws 1.91 has a directory traversal vulnerability in the way certain U ...
CVE-2010-4181Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...
CVE-2009-0751Yaws before 1.80 allows remote attackers to cause a denial of service ...
CVE-2005-2008Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...

Security announcements

DSA / DLADescription
DSA-4773-1yaws - security update
DLA-2384-1yaws - security update
DSA-1740-1yaws - denial of service
Search for package or bug name: Reporting problems