A vulnerability was reported against multiple web servers [1] where the log files contained unescaped sequences that could potentially affect certain terminals when viewing the log files. While we don't necessarily see this as a problem in the web servers themself, being able to correct them to have sanitized contents in the log files would be a good thing. The Debian bug report [2] to that end has a patch attached [3] that would correct the issue in boa. Since it does not look like upstream will resolve this issue, this bug is being opened so that boa in Fedora can be patched. [1] http://www.ush.it/team/ush/hack_httpd_escape/adv.txt [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578035 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=escape-errorlog.patch;att=1;bug=578035
Created boa tracking bugs for this issue Affects: fedora-all [bug 583164]
boa-0.94.14-0.15.rc21.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/boa-0.94.14-0.15.rc21.fc13
boa-0.94.14-0.15.rc21.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/boa-0.94.14-0.15.rc21.fc12
boa-0.94.14-0.15.rc21.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/boa-0.94.14-0.15.rc21.el4
boa-0.94.14-0.15.rc21.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/boa-0.94.14-0.15.rc21.fc11
boa-0.94.14-0.15.rc21.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/boa-0.94.14-0.15.rc21.el5
boa-0.94.14-0.15.rc21.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
boa-0.94.14-0.15.rc21.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
boa-0.94.14-0.15.rc21.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.