Hi Chris, On Sun, Apr 13, 2025 at 08:06:18PM +0200, Chris Hofstaedtler wrote: > On Sat, Jan 11, 2025 at 03:00:45PM +0100, Salvatore Bonaccorso wrote: > > Source: libfcgi > > Version: 2.4.2-2.1 > > Severity: grave > > Tags: security upstream > > Forwarded: https://github.com/FastCGI-Archives/fcgi2/issues/67 > > In the upstream bug there seems to be some disagreement if this is > actually a problem. > > Has any other distro fixed this yet, in some form?
Not that I'm aware of yet. The reporter said that they will publish an article mid april (so soon?) about how to exploit the vulnerablity. I'm not exactly sure were we stand right now, and need to re-read the upstream issue, but as long upstream has not landed a potential fix then I do not think we need to take an action. Regards, Salvatore
