Overview

File _patchinfo of Package patchinfo.11283

<patchinfo incident="11283">
  <issue tracker="bnc" id="1087369">Change default TLS configuration of lighttpd for better security out-of-the-box</issue>
  <issue tracker="bnc" id="1111733">Out of date package: openSUSE:Factory/lighttpd</issue>
  <issue tracker="bnc" id="1153722">lighttpd build faild after update postgesql to 11</issue>
  <issue tracker="bnc" id="1115016">VUL-0: CVE-2018-19052: lighttpd: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias co</issue>
  <issue tracker="cve" id="2018-19052"/>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for lighttpd</summary>
  <description>This update for lighttpd to version 1.4.54 fixes the following issues:

Security issues fixed:

- CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016).
- Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places