Bug#832433: [Pkg-erlang-devel] Bug#832433: CVE-2016-1000108

2016-07-25 Thread Moritz Mühlenhoff
On Mon, Jul 25, 2016 at 06:04:50PM +0300, Sergei Golovan wrote:
> Hi Moritz,
>
> On Mon, Jul 25, 2016 at 5:03 PM, Moritz Muehlenhoff wrote:
> > Source: yaws
> > Severity: normal
> > Tags: security
> >
> > http://seclists.org/oss-sec/2016/q3/95 claims that yaws sets
> > HTTP_PROXY based on a passed P

Bug#832433: [Pkg-erlang-devel] Bug#832433: Bug#832433: CVE-2016-1000108

2016-07-25 Thread Sergei Golovan
Hi again,

Appears that this bug is already fixed upstream (in VCS, not in any release yet):

https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1

I could take this patch and prepare the fixes for sid and jessie.

Cheers!
--
Sergei G

Bug#832433: [Pkg-erlang-devel] Bug#832433: CVE-2016-1000108

2016-07-25 Thread Sergei Golovan
Hi Moritz,

On Mon, Jul 25, 2016 at 5:03 PM, Moritz Muehlenhoff wrote:
> Source: yaws
> Severity: normal
> Tags: security
>
> http://seclists.org/oss-sec/2016/q3/95 claims that yaws sets
> HTTP_PROXY based on a passed Proxy: header. I don't see any
> evidence for that in the source, but maybe I'm mis

Bug#832433: CVE-2016-1000108

2016-07-25 Thread Moritz Muehlenhoff
Source: yaws
Severity: normal
Tags: security

http://seclists.org/oss-sec/2016/q3/95 claims that yaws sets HTTP_PROXY based on a passed Proxy: header. I don't see any evidence for that in the source, but maybe I'm missing something?

Cheers,
Moritz