Publishing details


bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2014-5015:
    bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
    checking .htpasswd restrictions, which allows remote attackers to bypass
    the HTTP authentication scheme and access restrictions via a long path.
    (Closes: #755197)
  * CVE-2015-8212:
    Fix a security issue in CGI suffix handler support which would allow remote
    code execution.

 -- Steve Beattie <email address hidden>  Fri, 24 Jun 2016 14:35:34 -0700

Available diffs


Built packages

Package files