Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3906 to the following vulnerability:

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

References:
https://bugzilla.novell.com/show_bug.cgi?id=418620
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://secunia.com/advisories/31643
http://www.securityfocus.com/bid/30867
http://www.frsirt.com/english/advisories/2008/2443

Upstream commits to various SVN branches are mentioned in Novell bugzilla:
https://bugzilla.novell.com/show_bug.cgi?id=418620#c12
https://bugzilla.novell.com/show_bug.cgi?id=418620#c16
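The class of bug described above, shown at the wire level as an added example (not Mono's code and not the upstream fix): a serializer that writes a query-string value into a header unchecked, next to one that rejects CR/LF. The handler, the `next` parameter and the sample query string are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs


def build_response(headers, body, validate):
    """Serialize a minimal HTTP/1.1 response; `validate` toggles the CR/LF check."""
    lines = ["HTTP/1.1 302 Found"]
    for name, value in headers:
        # Hardened path: a header name or value must never contain CR or LF.
        if validate and any(c in "\r\n" for c in name + value):
            raise ValueError(f"CR/LF in header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("latin-1")


def header_names(raw):
    """Header names a client would parse from the head of the response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def handle(query_string, validate):
    """Hypothetical handler that reflects the `next` parameter into Location."""
    target = parse_qs(query_string).get("next", ["/"])[0]
    return build_response(
        [("Location", target), ("Content-Length", "0")], "", validate
    )


# Constructed sample input: %0d%0a decodes to CR LF inside the parameter value.
SAMPLE_QS = "next=/home%0d%0aX-Injected:%201"

if __name__ == "__main__":
    # Unchecked: the client sees a header the application never set.
    print(header_names(handle(SAMPLE_QS, validate=False)))
    # Checked: the same request is refused before anything is written.
    try:
        handle(SAMPLE_QS, validate=True)
    except ValueError as exc:
        print("rejected:", exc)
```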
Fixed in the next push (should hit rawhide tomorrow/Saturday).
Re-opening this parent bug, which is supposed to track this issue across all supported versions, as F8/F9 should still be unfixed.