diff -Nru lighttpd-1.4.55/debian/changelog lighttpd-1.4.55/debian/changelog --- lighttpd-1.4.55/debian/changelog 2021-06-14 21:34:03.000000000 +0000 +++ lighttpd-1.4.55/debian/changelog 2023-02-17 02:09:14.000000000 +0000 @@ -1,3 +1,13 @@ +lighttpd (1.4.55-1ubuntu1.20.04.2) focal-security; urgency=medium + + * SECURITY UPDATE: Out-of-bounds Write + - debian/patches/CVE-2022-22707.patch: mod_extforward_Forwarded function + of the mod_extforward plugin has a stack-based buffer overflow. + (LP: #1994989) + - CVE-2022-22707 + + -- Jack Fewx Thu, 16 Feb 2023 20:09:14 -0600 + lighttpd (1.4.55-1ubuntu1.20.04.1) focal; urgency=medium * d/control: Depend on libgamin to fix missing symbol errors (LP: #1453463) diff -Nru lighttpd-1.4.55/debian/patches/CVE-2022-22707.patch lighttpd-1.4.55/debian/patches/CVE-2022-22707.patch --- lighttpd-1.4.55/debian/patches/CVE-2022-22707.patch 1970-01-01 00:00:00.000000000 +0000 +++ lighttpd-1.4.55/debian/patches/CVE-2022-22707.patch 2023-02-17 02:09:14.000000000 +0000 @@ -0,0 +1,28 @@ +Description: Security backport of CVE-2022-22707 + From: povcfe + Date: Wed, 5 Jan 2022 11:11:09 +0000 + Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134) + + There is a potential remote denial of service in lighttpd mod_extforward + under specific, non-default and uncommon 32-bit lighttpd mod_extforward + configurations. + +Origin: upstream, https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 +Bug: https://redmine.lighttpd.net/issues/3134 +Bug: https://nvd.nist.gov/vuln/detail/CVE-2022-22707 + +Reviewed-by: Jack Fewx +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1994989 + +--- +--- lighttpd-1.4.55.orig/src/mod_extforward.c ++++ lighttpd-1.4.55/src/mod_extforward.c +@@ -673,7 +673,7 @@ static handler_t mod_extforward_Forwarde + while (s[i] == ' ' || s[i] == '\t') ++i; + if (s[i] == ';') { ++i; continue; } + if (s[i] == ',') { +- if (j >= (int)(sizeof(offsets)/sizeof(int))) break; ++ if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break; + offsets[++j] = -1; /*("offset" separating params from next proxy)*/ + ++i; + continue; diff -Nru lighttpd-1.4.55/debian/patches/series lighttpd-1.4.55/debian/patches/series --- lighttpd-1.4.55/debian/patches/series 2021-06-14 21:34:03.000000000 +0000 +++ lighttpd-1.4.55/debian/patches/series 2023-02-17 02:09:14.000000000 +0000 @@ -1,3 +1,4 @@ var-run-929203.patch build-dev-package.patch add-lighttpd.pc-configure.patch +CVE-2022-22707.patch