Candidate: CVE-2011-4362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
Integer signedness error in the base64_decode function in the HTTP
authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30
and 1.5 before SVN revision 2806 allows remote attackers to cause a denial
of service (segmentation fault) via crafted base64 input that triggers an
out-of-bounds read with a negative index.
http://redmine.lighttpd.net/issues/2370
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652726
Discovered-by: Xi Wang
upstream: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
debdiff: https://launchpad.net/bugs/906792
upstream_lighttpd: released (1.4.30)
hardy_lighttpd: ignored (reached end-of-life)
lucid_lighttpd: released (1.4.26-1.1ubuntu3.1)
maverick_lighttpd: released (1.4.26-3ubuntu2.1)
natty_lighttpd: released (1.4.28-2ubuntu1.1)
oneiric_lighttpd: released (1.4.28-2ubuntu2.1)
devel_lighttpd: released (1.4.28-2ubuntu4)