Package: libcsoap1
Version: 1.1.0-17.2

Per discussion on debian-security -

A number of vulnerabilities exist in nanohttp, a lightweight webserver
included in the libcsoap package. Patches are provided below against
1.1.0-17.2 (unstable).

* Remote buffer overflow
If the server is misconfigured, a remote user can trigger a buffer
overflow by requesting a resource of a certain length.
http://patrick.ld.net.au/libcsoap/nanohttp-buffer-1.patch

* Remote null pointer dereference
A remote user can cause a null pointer dereference by sending a
malformed Authorization: header.
http://patrick.ld.net.au/libcsoap/nanohttp-nullp-1.patch

If you require any further information, don't hesitate to let me know.

Cheers,

Patrick
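
The report does not reproduce the faulty code, so the following is an added illustration rather than nanohttp code or either of the patches above: one defensive way to parse an `Authorization: Basic` value so that every malformed shape is rejected with an error code and no lookup result is used before it is checked. The names `parse_basic_auth`, `b64_decode` and the `AUTH_*` codes are hypothetical, as is the 256-byte credential limit.

```c
#include <string.h>
#include <strings.h>

enum { AUTH_OK = 0, AUTH_MISSING = -1, AUTH_BAD_SCHEME = -2,
       AUTH_BAD_ENCODING = -3, AUTH_NO_COLON = -4, AUTH_TOO_LONG = -5 };

/* Decode base64 into out (NUL-terminated); -1 on bad input or overflow. */
static int b64_decode(const char *in, char *out, size_t outsz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0, bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL)                 /* byte outside the alphabet */
            return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            if (n + 1 >= outsz)        /* keep room for the terminator */
                return -1;
            out[n++] = (char)((acc >> bits) & 0xff);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* value: text after "Authorization:", or NULL when the header is absent. */
int parse_basic_auth(const char *value, char *user, size_t ulen,
                     char *pass, size_t plen)
{
    char buf[256], *colon;
    if (value == NULL) return AUTH_MISSING;
    if (strncasecmp(value, "Basic ", 6) != 0)
        return AUTH_BAD_SCHEME;        /* also rejects "Basic" with no token */
    value += 6 + strspn(value + 6, " ");
    if (b64_decode(value, buf, sizeof buf) < 0)
        return AUTH_BAD_ENCODING;
    if ((colon = strchr(buf, ':')) == NULL)
        return AUTH_NO_COLON;          /* check before splitting on ':' */
    *colon = '\0';
    if (strlen(buf) >= ulen || strlen(colon + 1) >= plen)
        return AUTH_TOO_LONG;
    strcpy(user, buf);
    strcpy(pass, colon + 1);
    return AUTH_OK;
}
```

A caller would map any non-zero return to a 400 or 401 response instead of continuing with unset credentials.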

