[Nitro] [PATCH] Fix an exploitable bug in CGI multipart parsing

Jonathan Buch john at oxyliquit.de
Wed Oct 25 09:42:48 EDT 2006


On Wed, 25 Oct 2006 10:41:44 +0200, Michael Fellinger <manveru at weez-int.com> wrote:

> patch attached, it's still warm :)
> please apply ASAP (also you guys who use 0.31, please patch)
>
> This fully closes a previously-reported but partially-fixed vulnerability:
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
>   http://www.securityfocus.com/bid/11618/info
>
> thanks to zedas who informed us :)
>
> ^ manveru
>

Ah, very nice, thanks manv, zedas.

Good that I run on fcgi ;)

Jo

-- 
Feel the love
http://pinkjuice.com/pics/ruby.png


More information about the Nitro-general mailing list