Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-22707 (GCVE-0-2022-22707)
Vulnerability from cvelistv5
Published
2022-01-06 05:55
Modified
2024-08-03 03:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"name": "DSA-5040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T10:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"name": "DSA-5040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redmine.lighttpd.net/issues/3134",
"refsource": "MISC",
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"name": "DSA-5040",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22707",
"datePublished": "2022-01-06T05:55:30",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-03T03:21:48.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-22707\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-01-06T06:15:07.243\",\"lastModified\":\"2024-11-21T06:47:17.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.\"},{\"lang\":\"es\",\"value\":\"En lighttpd versiones 1.4.46 hasta 1.4.63, la funci\u00f3n mod_extforward_Forwarded del plugin mod_extforward tiene un desbordamiento de b\u00fafer basado en la pila (4 bytes que representan -1), como lo demuestra la denegaci\u00f3n de servicio remota (ca\u00edda del demonio) en una configuraci\u00f3n no predeterminada. La configuraci\u00f3n no predeterminada requiere el manejo de la cabecera Forwarded de una manera algo inusual. Adem\u00e1s, es mucho m\u00e1s probable que un sistema de 32 bits se vea afectado que un sistema de 64 bits\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.46\",\"versionEndIncluding\":\"1.4.63\",\"matchCriteriaId\":\"204D3986-08C3-45EB-BA51-2D115E73947E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://redmine.lighttpd.net/issues/3134\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5040\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://redmine.lighttpd.net/issues/3134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
gsd-2022-22707
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-22707",
"description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.",
"id": "GSD-2022-22707",
"references": [
"https://www.suse.com/security/cve/CVE-2022-22707.html",
"https://www.debian.org/security/2022/dsa-5040",
"https://advisories.mageia.org/CVE-2022-22707.html",
"https://ubuntu.com/security/CVE-2022-22707"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-22707"
],
"details": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.",
"id": "GSD-2022-22707",
"modified": "2023-12-13T01:19:28.908010Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redmine.lighttpd.net/issues/3134",
"refsource": "MISC",
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"name": "DSA-5040",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5040"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.63",
"versionStartIncluding": "1.4.46",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22707"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redmine.lighttpd.net/issues/3134",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"name": "DSA-5040",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5040"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-13T20:52Z",
"publishedDate": "2022-01-06T06:15Z"
}
}
}
wid-sec-w-2023-0506
Vulnerability from csaf_certbund
Published
2022-01-06 23:00
Modified
2023-02-28 23:00
Summary
lighttpd: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
lighttpd ist ein Open Source Webserver.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in lighttpd ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "lighttpd ist ein Open Source Webserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in lighttpd ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0506 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0506.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0506 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0506"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5903-1 vom 2023-02-28",
"url": "https://ubuntu.com/security/notices/USN-5903-1"
},
{
"category": "external",
"summary": "lighthttpd Issue 3134 vom 2022-01-06",
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5040 vom 2022-01-11",
"url": "https://www.debian.org/security/2022/dsa-5040"
}
],
"source_lang": "en-US",
"title": "lighttpd: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2023-02-28T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:45:37.852+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0506",
"initial_release_date": "2022-01-06T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-01-06T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-01-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source lighttpd \u003c= 1.4.63",
"product": {
"name": "Open Source lighttpd \u003c= 1.4.63",
"product_id": "T021495",
"product_identification_helper": {
"cpe": "cpe:/a:lighttpd:lighttpd:1.4.63"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22707",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in lighttpd im Modul \"mod_extforward\". Sie ist auf einen stapelbasierten Puffer\u00fcberlauf zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"2951",
"T000126"
],
"last_affected": [
"T021495"
]
},
"release_date": "2022-01-06T23:00:00.000+00:00",
"title": "CVE-2022-22707"
}
]
}
opensuse-su-2024:11764-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
lighttpd-1.4.64-1.1 on GA media
Notes
Title of the patch
lighttpd-1.4.64-1.1 on GA media
Description of the patch
These are all security issues fixed in the lighttpd-1.4.64-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11764
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "lighttpd-1.4.64-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the lighttpd-1.4.64-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11764-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22707 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22707/"
}
],
"title": "lighttpd-1.4.64-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11764-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-1.4.64-1.1.aarch64",
"product_id": "lighttpd-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_authn_pam-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_magnet-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_maxminddb-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_rrdtool-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"product_id": "lighttpd-mod_webdav-1.4.64-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_magnet-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"product_id": "lighttpd-mod_webdav-1.4.64-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-1.4.64-1.1.s390x",
"product_id": "lighttpd-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_authn_pam-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_magnet-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_maxminddb-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_rrdtool-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-1.1.s390x",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.s390x",
"product_id": "lighttpd-mod_webdav-1.4.64-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-1.4.64-1.1.x86_64",
"product_id": "lighttpd-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_authn_pam-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_magnet-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_maxminddb-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_rrdtool-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-1.1.x86_64",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.x86_64",
"product_id": "lighttpd-mod_webdav-1.4.64-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.aarch64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.ppc64le"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.s390x"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.x86_64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22707"
}
],
"notes": [
{
"category": "general",
"text": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22707",
"url": "https://www.suse.com/security/cve/CVE-2022-22707"
},
{
"category": "external",
"summary": "SUSE Bug 1194376 for CVE-2022-22707",
"url": "https://bugzilla.suse.com/1194376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.64-1.1.x86_64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.aarch64",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.ppc64le",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.s390x",
"openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.64-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-22707"
}
]
}
opensuse-su-2022:0024-1
Vulnerability from csaf_opensuse
Published
2022-02-02 12:46
Modified
2022-02-02 12:46
Summary
Security update for lighttpd
Notes
Title of the patch
Security update for lighttpd
Description of the patch
This update for lighttpd fixes the following issues:
lighttpd was updated to 1.4.64:
* CVE-2022-22707: off-by-one stack overflow in the mod_extforward
plugin (boo#1194376)
* graceful restart/shutdown timeout changed from 0 (disabled) to
8 seconds. configure an alternative with:
server.feature-flags += (“server.graceful-shutdown-timeout” => 8)
* deprecated modules (previously announced) have been removed:
mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming,
mod_geoip, mod_trigger_b4_dl
update to 1.4.63:
* import xxHash v0.8.1
* fix reqpool mem corruption in 1.4.62
includes changes in 1.4.62:
* [mod_alias] fix use-after-free bug
* many developer visible bug fixes
update to 1.4.61:
* mod_dirlisting: sort '../' to top
* fix HTTP/2 upload > 64k w/ max-request-size
* code level and developer visible bug fixes
update to 1.4.60:
* HTTP/2 smoother and lower memory use (in general)
* HTTP/2 tuning to better handle aggressive client initial
requests
* reduce memory footprint; workaround poor glibc behavior;
jemalloc is better
* mod_magnet lua performance improvements
* mod_dirlisting performance improvements and new caching option
* memory constraints for extreme edge cases in mod_dirlisting,
mod_ssi, mod_webdav
* connect(), write(), read() time limits on backends (separate
from client timeouts)
* lighttpd restarts if large discontinuity in time occurs
(embedded systems)
* RFC7233 Range support for all non-streaming responses, not
only static files
* connect() to backend now has default 8 second timeout
(configurable)
- Added hardening to systemd service(s) (boo#1181400).
update to 1.4.59:
* HTTP/2 enabled by default
* mod_deflate zstd suppport
* new mod_ajp13
Update to 1.4.58:
* [mod_wolfssl] use wolfSSL TLS version defines
* [mod_wolfssl] compile with earlier wolfSSL vers
* [core] prefer IPv6+IPv4 func vs IPv4-specific func
* [core] reuse large mem chunks (fix mem usage) (fixes #3033)
* [core] add comment for FastCGI mem use in hctx->rb (#3033)
* [mod_proxy] fix sending of initial reqbody chunked
* [multiple] fdevent_waitpid() wrapper
* [core] sys-time.h - localtime_r,gmtime_r macros
* [core] http_date.[ch] encapsulate HTTP-date parse
* [core] specialized strptime() for HTTP date fmts
* [multiple] employ http_date.h, sys-time.h
* [core] http_date_timegm() (portable timegm())
* buffer_append_path_len() to join paths
* [core] inet_ntop_cache -> sock_addr_cache
* [multiple] etag.[ch] -> http_etag.[ch]; better imp
* [core] fix crash after specific err in config file
* [core] fix bug in FastCGI uploads (#3033)
* [core] http_response_match_if_range()
* [mod_webdav] typedef off_t loff_t for FreeBSD
* [multiple] chunkqueue_write_chunk()
* [build] add GNUMAKEFLAGS=--no-print-directory
* [core] fix bug in read retry found by coverity
* [core] attempt to quiet some coverity warnings
* [mod_webdav] compile fix for Mac OSX/11
* [core] handle U+00A0 in config parser
* [core] fix lighttpd -1 one-shot with pipes
* [core] quiet start/shutdown trace in one-shot mode
* [core] allow keep-alives in one-shot mode (#3042)
* [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
* [core] setsockopt IPV6_V6ONLY if server.v4mapped
* [core] prefer inet_aton() over inet_addr()
* [core] add missing mod_wolfssl to ssl compat list
* [mod_openssl] remove ancient preprocessor logic
* [core] SHA512_Init, SHA512_Update, SHA512_Final
* [mod_wolfssl] add complex preproc logic for SNI
* [core] wrap a macro value with parens
* [core] fix handling chunked response from backend (fixes #3044)
* [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
* [core] skip some trace if backend Upgrade (#3044)
* [TLS] cert-staple.sh POSIX sh compat (fixes #3043)
* [core] portability fix if st_mtime not defined
* [mod_nss] portability fix
* [core] warn if mod_authn_file needed in conf
* [core] fix chunked decoding from backend (fixes #3044)
* [core] reject excess data after chunked encoding (#3046)
* [core] track chunked encoding state from backend (fixes #3046)
* [core] li_restricted_strtoint64()
* [core] track Content-Length from backend (fixes #3046)
* [core] enhance config parsing debugging (#3047)
* [core] reorder srv->config_context to match ndx (fixes #3047)
* [mod_proxy] proxy.header = ('force-http10' => ...)
* [mod_authn_ldap] fix crash (fixes #3048)
* [mod_authn_ldap, mod_vhostdb_ldap] default cafile
* [core] fix array_copy_array() sorted[]
* [multiple] replace fall through comment with attr
* [core] fix crash printing trace if backend is down
* [core] fix decoding chunked from backend (fixes #3049)
* [core] attempt to quiet some coverity warnings
* [core] perf: request processing
* [core] http_header_str_contains_token()
* [mod_flv_streaming] parse query string w/o copying
* [mod_evhost] use local array to split values
* [core] remove srv->split_vals
* [core] add User-Agent to http_header_e enum
* [core] store struct server * in struct connection
* [core] use func rc to indicate done reading header
* [core] replace connection_set_state w/ assignment
* [core] do not pass srv to http header parsing func
* [core] cold buffer_string_prepare_append_resize()
* [core] chunkqueue_compact_mem()
* [core] connection_chunkqueue_compact()
* [core] pass con around request, not srv and con
* [core] reduce use of struct parse_header_state
* [core] perf: HTTP header parsing using \n offsets
* [core] no need to pass srv to connection_set_state
* [core] perf: connection_read_header_more()
* [core] perf: connection_read_header_hoff() hot
* [core] inline connection_read_header()
* [core] pass ptr to http_request_parse()
* [core] more 'const' in request.c prototypes
* [core] handle common case of alnum or - field-name
* [mod_extforward] simplify code: use light_isxdigit
* [core] perf: array.c performance enhancements
* [core] mark some data_* funcs cold
* [core] http_header.c internal inline funcs
* [core] remove unused array_reset()
* [core] prefer uint32_t to size_t in base.h
* [core] uint32_t for struct buffer sizes
* [core] remove unused members of struct server
* [core] short-circuit path to clear request.headers
* [core] array keys are non-empty in key-value list
* [core] keep a->data[] sorted; remove a->sorted[]
* [core] __attribute_returns_nonnull__
* [core] differentiate array_get_* for ro and rw
* [core] (const buffer *) in (struct burl_parts_t)
* [core] (const buffer *) for con->server_name
* [core] perf: initialize con->conf using memcpy()
* [core] run config_setup_connection() fewer times
* [core] isolate data_config.c, vector.c
* [core] treat con->conditional_is_valid as bitfield
* [core] http_header_hkey_get() over const array
* [core] inline buffer as part of DATA_UNSET key
* [core] inline buffer key for *_patch_connection()
* [core] (data_unset *) from array_get_element_klen
* [core] inline buffer as part of data_string value
* [core] add const to callers of http_header_*_get()
* [core] inline array as part of data_array value
* [core] const char *op in data_config
* [core] buffer string in data_config
* [core] streamline config_check_cond()
* [core] keep a->data[] sorted (REVERT)
* [core] array a->sorted[] as ptrs rather than pos
* [core] inline header and env arrays into con
* [mod_accesslog] avoid alloc for parsing cookie val
* [core] simpler config_check_cond()
* [mod_redirect,mod_rewrite] store context_ndx
* [core] const char *name in struct plugin
* [core] srv->plugin_slots as compact list
* [core] rearrange server_config, server members
* [core] macros CONST_LEN_STR and CONST_STR_LEN
* [core] struct plugin_data_base
* [core] improve condition caching perf
* [core] config_plugin_values_init() new interface
* [mod_access] use config_plugin_values_init()
* [core] (const buffer *) from strftime_cache_get()
* [core] mv config_setup_connection to connections.c
* [core] use (const char *) in config file parsing
* [mod_staticfile] use config_plugin_values_init()
* [mod_skeleton] use config_plugin_values_init()
* [mod_setenv] use config_plugin_values_init()
* [mod_alias] use config_plugin_values_init()
* [mod_indexfile] use config_plugin_values_init()
* [mod_expire] use config_plugin_values_init()
* [mod_flv_streaming] use config_plugin_values_init()
* [mod_magnet] use config_plugin_values_init()
* [mod_usertrack] use config_plugin_values_init()
* [mod_userdir] split policy from userdir path build
* [mod_userdir] use config_plugin_values_init()
* [mod_ssi] use config_plugin_values_init()
* [mod_uploadprogress] use config_plugin_values_init()
* [mod_status] use config_plugin_values_init()
* [mod_cml] use config_plugin_values_init()
* [mod_secdownload] use config_plugin_values_init()
* [mod_geoip] use config_plugin_values_init()
* [mod_evasive] use config_plugin_values_init()
* [mod_trigger_b4_dl] use config_plugin_values_init()
* [mod_accesslog] use config_plugin_values_init()
* [mod_simple_vhost] use config_plugin_values_init()
* [mod_evhost] use config_plugin_values_init()
* [mod_vhostdb*] use config_plugin_values_init()
* [mod_mysql_vhost] use config_plugin_values_init()
* [mod_maxminddb] use config_plugin_values_init()
* [mod_auth*] use config_plugin_values_init()
* [mod_deflate] use config_plugin_values_init()
* [mod_compress] use config_plugin_values_init()
* [core] add xsendfile* check if xdocroot is NULL
* [mod_cgi] use config_plugin_values_init()
* [mod_dirlisting] use config_plugin_values_init()
* [mod_extforward] use config_plugin_values_init()
* [mod_webdav] use config_plugin_values_init()
* [core] store addtl data in pcre_keyvalue_buffer
* [mod_redirect] use config_plugin_values_init()
* [mod_rewrite] use config_plugin_values_init()
* [mod_rrdtool] use config_plugin_values_init()
* [multiple] gw_backends config_plugin_values_init()
* [core] config_get_config_cond_info()
* [mod_openssl] use config_plugin_values_init()
* [core] use config_plugin_values_init()
* [core] collect more config logic into configfile.c
* [core] config_plugin_values_init_block()
* [core] gw_backend config_plugin_values_init_block
* [core] remove old config_insert_values_*() funcs
* [multiple] plugin.c handles common FREE_FUNC code
* [core] run all trigger and sighup handlers
* [mod_wstunnel] change DEBUG_LOG to use log_error()
* [core] stat_cache_path_contains_symlink use errh
* [core] isolate use of data_config, configfile.h
* [core] split cond cache from cond matches
* [mod_auth] inline arrays in http_auth_require_t
* [core] array_init() arg for initial size
* [core] gw_exts_clear_check_local()
* [core] gw_backend less pointer chasing
* [core] connection_handle_errdoc() separate func
* [multiple] prefer (connection *) to (srv *)
* [core] create http chunk header on the stack
* [multiple] connection hooks no longer get (srv *)
* [multiple] plugin_stats array
* [core] read up-to fixed size chunk before fionread
* [core] default chunk size 8k (was 4k)
* [core] pass con around gw_backend instead of srv
* [core] log_error_multiline_buffer()
* [multiple] reduce direct use of srv->cur_ts
* [multiple] extern log_epoch_secs
* [multiple] reduce direct use of srv->errh
* [multiple] stat_cache singleton
* [mod_expire] parse config into structured data
* [multiple] generic config array type checking
* [multiple] rename r to rc rv rd wr to be different
* [core] (minor) config_plugin_keys_t data packing
* [core] inline buffer in log_error_st errh
* [multiple] store srv->tmp_buf in tb var
* [multiple] quiet clang compiler warnings
* [core] http_status_set_error_close()
* [core] http_request_host_policy w/ http_parseopts
* [multiple] con->proto_default_port
* [core] store log filename in (log_error_st *)
* [core] separate log_error_open* funcs
* [core] fdevent uses uint32_t instead of size_t
* [mod_webdav] large buffer reuse
* [mod_accesslog] flush file log buffer at 8k size
* [core] include settings.h where used
* [core] static buffers for mtime_cache
* [core] convenience macros to check req methods
* [core] support multiple error logs
* [multiple] omit passing srv to fdevent_handler
* [core] remove unused arg to fdevent_fcntl_set_nb*
* [core] slightly simpify server_(over)load_check()
* [core] isolate fdevent subsystem
* [core] isolate stat_cache subsystem
* [core] remove include base.h where unused
* [core] restart dead piped loggers every 64 sec
* [mod_webdav] use copy_file_range() if available
* [core] perf: buffer copy and append
* [core] copy some srv->srvconf into con->conf
* [core] move keep_alive flag into request_st
* [core] pass scheme port to http_request_parse()
* [core] pass http_parseopts around request.c
* [core] rename specific_config to request_config
* [core] move request_st,request_config to request.h
* [core] pass (request_st *) to request.c funcs
* [core] remove unused request_st member 'request'
* [core] rename content_length to reqbody_length
* [core] t/test_request.c using (request_st *)
* [core] (const connection *) in http_header_*_get()
* [mod_accesslog] log_access_record() fmt log record
* [core] move request start ts into (request_st *)
* [core] move addtl request-specific struct members
* [core] move addtl request-specific struct members
* [core] move plugin_ctx into (request_st *)
* [core] move addtl request-specific struct members
* [core] move request state into (request_st *)
* [core] store (plugin *) in p->data
* [core] store subrequest_handler instead of mode
* [multiple] copy small struct instead of memcpy()
* [multiple] split con, request (very large change)
* [core] r->uri.path always set, though might be ''
* [core] C99 restrict on some base funcs
* [core] dispatch handler in handle_request func
* [core] http_request_parse_target()
* [mod_magnet] modify r->target with 'uri.path-raw'
* [core] remove r->uri.path_raw; generate as needed
* [core] http_response_comeback()
* [core] http_response_config()
* [tests] use buffer_eq_slen() for str comparison
* [core] http_status_append() short-circuit 200 OK
* [core] mark some chunk.c funcs as pure
* [core] use uint32_t in http_header.[ch]
* [core] perf: tighten some code in some hot paths
* [core] parse header label before end of line
* [mod_auth] 'nonce_secret' option to validate nonce (fixes #2976)
* [build] fix build on MacOS X Tiger
* [doc] lighttpd.conf: lighttpd choose event-handler
* [config] blank server.tag if whitespace-only
* [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006)
* [multiple] correct misspellings in comments
* [multiple] fix some cc warnings in 32-bit, powerpc
* [tests] fix skip count in mod-fastcgi w/o php-cgi
* [multiple] ./configure --with-nettle to use Nettle
* [core] skip excess close() when FD_CLOEXEC defined
* [mod_cgi] remove redundant calls to set FD_CLOEXEC
* [core] return EINVAL if stat_cache_get_entry w/o /
* [mod_webdav] define PATH_MAX if not defined
* [mod_accesslog] process backslash-escapes in fmt
* [mod_openssl] disable cert vrfy if ALPN acme-tls/1
* [core] add seed before openssl RAND_pseudo_bytes()
* [mod_mbedtls] mbedTLS option for TLS
* [core] prefer getxattr() instead of get_attr()
* [multiple] use *(unsigned char *) with ctypes
* [mod_openssl] do not log ECONNRESET unless debug
* [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING
* [mod_gnutls] GnuTLS option for TLS (fixes #109)
* [mod_openssl] rotate session ticket encryption key
* [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842)
* [mod_openssl] set chains from callback in 1.0.2+ (#2842)
* [core] RFC-strict parse of Content-Length
* [build] point ./configure --help to support forum
* [core] stricter parse of numerical digits
* [multiple] add summaries to top of some modules
* [core] sys-crypto-md.h w/ inline message digest fn
* [mod_openssl] enable read-ahead, if set, after SNI
* [mod_openssl] issue warning for deprecated options
* [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail
* [mod_openssl] use openssl feature define for ALPN
* [mod_openssl] update default DH params
* [core] SecureZeroMemory() on _WIN32
* [core] safe memset calls memset() through volatile
* [doc] update comments in doc/config/modules.conf
* [core] more precise check for request stream flags
* [mod_openssl] rotate session ticket encryption key
* [mod_openssl] ssl.stek-file to specify encrypt key
* [mod_mbedtls] ssl.stek-file to specify encrypt key
* [mod_gnutls] ssl.stek-file to specify encrypt key
* [mod_openssl] disable session cache; prefer ticket
* [mod_openssl] compat with LibreSSL
* [mod_openssl] compat with WolfSSL
* [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA
* [mod_openssl] move SSL_CTX curve conf to new func
* [mod_openssl] basic SSL_CONF_cmd for alt TLS libs
* [mod_openssl] OCSP stapling (fixes #2469)
* [TLS] cert-staple.sh - refresh OCSP responses (#2469)
* [mod_openssl] compat with BoringSSL
* [mod_gnutls] option to override GnuTLS priority
* [mod_gnutls] OCSP stapling (#2469)
* [mod_extforward] config warning for module order
* [mod_webdav] store webdav.opts as bitflags
* [mod_webdav] limit webdav_propfind_dir() recursion
* [mod_webdav] unsafe-propfind-follow-symlink option
* [mod_webdav] webdav.opts 'propfind-depth-infinity'
* [mod_openssl] detect certs marked OCSP Must-Staple
* [mod_gnutls] detect certs marked OCSP Must-Staple
* [mod_openssl] default to set MinProtocol TLSv1.2
* [mod_nss] NSS option for TLS (fixes #1218)
* [core] fdevent_load_file() shared code
* [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file
* [core] error if s->socket_perms chmod() fails
* [mod_openssl] prefer some WolfSSL native APIs
* quiet clang analyzer scan-build warnings
* [core] uint32_t is plenty large for path names
* [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql
* [core] splaytree_djbhash() in splaytree.h (reuse)
* [cmake] update deps for src/t/test_*
* [cmake] update deps for src/t/test_*
* [build] remove tests/mod-userdir.t from builds
* [build] fix typo in src/Makefile.am EXTRA_DIST
* [core] remove unused mbedtls_enabled flag
* [core] store fd in srv->stdin_fd during setup
* [multiple] address coverity warnings
* [mod_webdav] fix theoretical NULL dereference
* [mod_webdav] update rc for PROPFIND allprop
* [mod_webdav] build fix: ifdef live_properties
* [multiple] address coverity warnings
* [meson] fix libmariadb dependency
* [meson] add missing libmaxminddb section
* [mod_auth,mod_vhostdb] add caching option (fixes #2805)
* [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)
* [mod_auth] accept 'nonce-secret' & 'nonce_secret'
* [mod_openssl] fix build warnings on MacOS X
* [core] Nettle assert()s if buffer len > digest sz
* [mod_authn_dbi] authn backend employing DBI
* [mod_authn_mysql,file] use crypt() to save stack
* [mod_vhostdb_dbi] allow strings and ints in config
* add ci-build.sh
* move ci-build.sh to scripts
* [build] build fixes for AIX
* [mod_deflate] Brotli support
* [build] bzip2 default to not-enabled in build
* [mod_deflate] fix typo in config option
* [mod_deflate] propagate errs from internal funcs
* [mod_deflate] deflate.cache-dir compressed cache
* [mod_deflate] mod_deflate subsumes mod_compress
* [doc] mod_compress -> mod_deflate
* [tests] mod_compress -> mod_deflate
* [mod_compress] remove mod_compress
* [build] add --with-brotli to CI build
* [core] server.feature-flags extensible config
* [core] con layer plugin_ctx separate from request
* [multiple] con hooks store ctx in con->plugin_ctx
* [core] separate funcs to reset (request_st *)
* [multiple] rename connection_reset hook to request
* [mod_nss] func renames for consistency
* [core] detect and reject TLS connect to cleartext
* [mod_deflate] quicker check for Content-Encoding
* [mod_openssl] read secret data w/ BIO_new_mem_buf
* [core] decode Transfer-Encoding: chunked from gw
* [mod_fastcgi] decode Transfer-Encoding: chunked
* [core] stricter parsing of POST chunked block hdr
* [mod_proxy] send HTTP/1.1 requests to backends
* [tests] test_base64.c clear buf vs reset
* [core] http_header_remove_token()
* [mod_webdav] fix inadvertent string truncation
* [core] add some missing standard includes
* [mod_extforward] attempt to quiet Coverity warning
* [mod_authn_dbi,mod_authn_mysql] fix coverity issue
* scons: fix check environment
* Add avahi service file under doc/avahi/
* [mod_webdav] fix fallback if linkat() fails
* [mod_proxy] do not forward Expect: 100-continue
* [core] chunkqueue_compact_mem() must upd cq->last
* [core] dlsym for FAMNoExists() for compat w/ fam
* [core] disperse settings.h to appropriate headers
* [core] inline buffer_reset()
* [mod_extforward] save proto per connection
* [mod_extforward] skip after HANDLER_COMEBACK
* [core] server.feature-flags to enable h2
* [core] HTTP_VERSION_2
* [multiple] allow TLS ALPN 'h2' if 'server.h2proto'
* [mod_extforward] preserve changed addr for h2 con
* [core] do not send Connection: close if h2
* [core] lowercase response hdr field names for h2
* [core] recognize status: 421 Misdirected Request
* [core] parse h2 pseudo-headers
* [core] request_headers_process()
* [core] connection_state_machine_loop()
* [core] reset connection counters per connection
* [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting
* [core] connection_set_fdevent_interest()
* [core] HTTP2-Settings
* [core] adjust http_request_headers_process()
* [core] http_header_parse_hoff()
* [core] move http_request_headers_process()
* [core] reqpool.[ch] for (request_st *)
* [multiple] modules read reqbody via fn ptr
* [multiple] isolate more con code in connections.c
* [core] isolate more resp code in response.c
* [core] h2.[ch] with stub funcs (incomplete)
* [core] alternate between two joblists
* [core] connection transition to HTTP/2; incomplete
* [core] mark some error paths with attribute cold
* [core] discard 100 102 103 responses from backend
* [core] skip write throttle for 100 Continue
* [core] adjust (disabled) debug code
* [core] update comment
* [core] link in ls-hpack (EXPERIMENTAL)
* [core] HTTP/2 HPACK using LiteSpeed ls-hpack
* [core] h2_send_headers() specialized for resp hdrs
* [core] http_request_parse_header() specialized
* [core] comment possible future ls-hpack optimize
* [mod_status] separate funcs to print request table
* [mod_status] adjust to print HTTP/2 requests
* [core] redirect to dir using relative-path
* [core] ignore empty field-name from backends
* [mod_auth] fix crash if auth.require misconfigured (fixes #3023)
* [core] fix 1-char trunc of default server.tag
* [core] request_acquire(), request_release()
* [core] keep pool of (request_st *) for HTTP/2
* [mod_status] dedicated funcs for r->state labels
* [core] move connections_get_state to connections.c
* [core] fix crash on master after graceful restart
* [core] defer optimization to read small files
* [core] do not require '\0' term for k,v hdr parse
* [scripts] cert-staple.sh enhancements
* [core] document algorithm used in lighttpd etag
* [core] ls-hpack optimizations
* [core] fix crash on master if blank line request
* [core] use djbhash in gw_backend to choose host
* [core] rename md5.[ch] to algo_md5.[ch]
* [core] move djbhash(), dekhash() to algo_md.h
* [core] rename splaytree.[ch] to algo_splaytree.[ch]
* [core] import xxHash v0.8.0
* [build] modify build, includes for xxHash v0.8.0
* [build] remove ls-hpack/deps
* [core] xxhash no inline hints; let compiler choose
* [mod_dirlisting] fix config parsing crash
* [mod_openssl] clarify trace w/ deprecated options
* [doc] refresh doc/config/*/*
* [core] code size: disable XXH64(), XXH3()
* [doc] update README and INSTALL
* [core] combine Cookie request headers with ';'
* [core] log stream id with debug.log-state-handling
* [core] set r->state in h2.c
* [mod_ssi] update chunk after shell output redirect
* [mod_webdav] preserve bytes_out when chunks merged
* [multiple] inline chunkqueue_length()
* [core] cold h2_log_response_header*() funcs
* [core] update HTTP status codes list from IANA
* [mod_wolfssl] standalone module
* [core] Content-Length in http_response_send_file()
* [core] adjust response header prep for common case
* [core] light_isupper(), light_islower()
* [core] tst,set,clr macros for r->{rqst,resp}_htags
* [core] separate http_header_e from _htags bitmask
* [core] http_header_hkey_get_lc() for HTTP/2
* [core] array.[ch] using uint32_t instead of size_t
* [core] extend (data_string *) to store header id
* [multiple] extend enum http_header_e list
* [core] http_header_e <=> lshpack_static_hdr_idx
* [core] skip ls-hpack decode work unused by lighttpd
* [TLS] error if inherit empty TLS cfg from globals
* [core] connection_check_expect_100()
* [core] support multiple 1xx responses from backend
* [core] reload c after chunkqueue_compact_mem()
* [core] relay 1xx from backend over HTTP/2
* [core] relay 1xx from backend over HTTP/1.1
* [core] chunkqueue_{peek,read}_data(), squash
* [multiple] TLS modules use chunkqueue_peek_data()
* [mod_magnet] magnet.attract-response-start-to
* [multiple] code reuse chunkqueue_peek_data()
* [core] reuse r->start_hp.tv_sec for r->start_ts
* [core] config_plugin_value_tobool() accept '0','1'
* [core] graceful and immediate restart option
* [mod_ssi] init status var before waitpid()
* [core] graceful shutdown timeout option
* [core] lighttpd -1 supports pipes (e.g. netcat)
* [core] perf adjustments to avoid load miss
* [multiple] use sock_addr_get_family in more places
* [multiple] inline chunkqueue where always alloc'd
* [core] propagate state after writing
* [core] server_run_con_queue()
* [core] defer handling FDEVENT_HUP and FDEVENT_ERR
* [core] handle unexpected EOF reading FILE_CHUNK
* [core] short-circuit connection_write_throttle()
* [core] walk queue in connection_write_chunkqueue()
* [core] connection_joblist global
* [core] be more precise checking streaming flags
* [core] fdevent_load_file_bytes()
* [TLS] use fdevent_load_file_bytes() for STEK file
* [core] allow symlinks under /dev for rand devices
* [multiple] use light_btst() for hdr existence chk
* [mod_deflate] fix potential NULL deref in err case
* [core] save errno around close() if fstat() fails
* [mod_ssi] use stat_cache_open_rdonly_fstat()
* [core] fdevent_dup_cloexec()
* [core] dup FILE_CHUNK fd when splitting FILE_CHUNK
* [core] stat_cache_path_isdir()
* [multiple] use stat_cache_path_isdir()
* [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset
* [mod_gnutls] quiet CLOSE_NOTIFY after conn reset
* [core] limit num ranges in Range requests
* [core] remove unused r->content_length
* [core] http_response_parse_range() const file sz
* [core] pass open fd to http_response_parse_range
* [core] stat_cache_get_entry_open()
* [core,mod_deflate] leverage cache of open fd
* [doc] comment out config disabling Range for .pdf
* [core] coalesce nearby ranges in Range requests
* [mod_fastcgi] decode chunked is cold code path
* [core] fix chunkqueue_compact_mem w/ partial chunk
* [core] alloc optim reading file, sending chunked
* [core] reuse chunkqueue_compact_mem*()
* [mod_cgi] use splice() to send input to CGI
* [multiple] ignore openssl 3.0.0 deprecation warns
* [mod_openssl] migrate ticket cb to openssl 3.0.0
* [mod_openssl] construct OSSL_PARAM on stack
* [mod_openssl] merge ssl_tlsext_ticket_key_cb impls
* [multiple] openssl 3.0.0 digest interface migrate
* [tests] detect multiple SSL/TLS/crypto providers
* [core] sys-crypto-md.h consistent interfaces
* [wolfssl] wolfSSL_CTX_set_mode differs from others
* [multiple] use NSS crypto if no other crypto avail
* [multiple] stat_cache_path_stat() for struct st
* [TLS] ignore empty 'CipherString' in ssl-conf-cmd
* [multiple] remove chunk file.start member
* [core] modify use of getrlimit() to not be fatal
* [mod_webdav] add missing update to cq accounting
* [mod_webdav] update defaults after worker_init
* [mod_openssl] use newer openssl 3.0.0 func
* [core] config_plugin_value_to_int32()
* [core] minimize pause during graceful restart
* [mod_deflate] use large mmap chunks to compress
* [core] stat_cache_entry reference counting
* [core] FILE_CHUNK can hold stat_cache_entry ref
* [core] http_chunk_append_file_ref_range()
* [multiple] use http_chunk_append_file_ref()
* [core] always lseek() with shared fd
* [core] silence coverity warnings (false positives)
* [core] silence coverity warnings in ls-hpack
* [core] silence coverity warnings (another try)
* [core] fix fd sharing when splitting file chunk
* [mod_mbedtls] quiet unused variable warning
* [core] use inline funcs in sys-crypto-md.h
* [core] add missing declaration for NSS rand
* [core] init NSS lib for basic crypto algorithms
* [doc] change mod_compress refs to mod_deflate
* [doc] replace bzip2 refs with brotli
* [build] remove svnversion from versionstamp rule
* [doc] /var/run -> /run
* [multiple] test for nss includes
* [mod_nss] more nss includes fixes
* [mod_webdav] define _NETBSD_SOURCE on NetBSD
* [core] silence coverity warnings (another try)
* [mod_mbedtls] newer mbedTLS vers support TLSv1.3
* [mod_accesslog] update defaults after cycling log
* [multiple] add some missing config cleanup
* [core] fix (startup) mem leaks in configparser.y
* [core] STAILQ_* -> SIMPLEQ_* on OpenBSD
* [mod_wolfssl] use more wolfssl/options.h defines
* [mod_wolfssl] cripple SNI if not built OPENSSL_ALL
* [mod_wolfssl] need to build --enable-alpn for ALPN
* [mod_secdownload] fix compile w/ NSS on FreeBSD
* [mod_mbedtls] wrap addtl code in preproc defines
* [TLS] server.feature-flags 'ssl.session-cache'
* [core] workaround fragile code in wolfssl types.h
* [core] move misplaced error trace to match option
* [core] adjust wolfssl workaround for another case
* [multiple] consistent order for crypto lib select
* [multiple] include mbedtls/config.h after select
* [multiple] include wolfssl/options.h after select
* [core] set NSS_VER_INCLUDE after crypto lib select
* [core] use system xxhash lib if available
* [doc] refresh doc/config/conf.d/mime.conf
* [meson] add matching -I for lua lib version
* [build] prepend search for lua version 5.4
* [core] use inotify in stat_cache.[ch] on Linux
* [build] detect inotify header <sys/inotify.h>
* [mod_nss] update session ticket NSS devel comment
* [core] set last_used on rd/wr from backend (fixes #3029)
* [core] cold func for gw_recv_response error case
* [core] use kqueue() instead of FAM/gamin on *BSD
* [core] no graceful-restart-bg on OpenBSD, NetBSD
* [mod_openssl] add LIBRESSL_VERSION_NUMBER checks
* [core] use struct kevent on stack in stat_cache
* [core] stat_cache preprocessor paranoia
* [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check
* [mod_maxminddb] fix config validation typo
* [tests] allow LIGHTTPD_EXE_PATH override
* [multiple] handle NULL val as empty in *_env_add (fixes #3030)
* [core] accept 'HTTP/2.0', 'HTTP/3.0' from backends (fixes #3031)
* [build] check for xxhash in more ways
* [core] accept 'HTTP/2.0', 'HTTP/3.0' from backends (#3031)
* [core] http_response_buffer_append_authority()
* [core] define SHA*_DIGEST_LENGTH macros if missing
* [doc] update optional pkg dependencies in INSTALL
* [mod_alias] validate given order, not sorted order
* [core] filter out duplicate modules
* [mod_cgi] fix crash if initial write to CGI fails
* [mod_cgi] ensure tmp file open() before splice()
* [multiple] add back-pressure gw data pump (fixes #3033)
* [core] fix bug when HTTP/2 frames span chunks
* [multiple] more forgiving config str to boolean (fixes #3036)
* [core] check for __builtin_expect() availability
* [core] quiet more request parse errs unless debug
* [core] consolidate chunk size checks
* [mod_flv_streaming] use stat_cache_get_entry_open
* [mod_webdav] pass full path to webdav_unlinkat()
* [mod_webdav] fallbacks if _ATFILE_SOURCE not avail
* [mod_fastcgi] move src/fastcgi.h into src/compat/
* [mod_status] add additional HTML-encoding
* [core] server.v4mapped option
* [mod_webdav] workaround for gvfs dir redir bug
- Remove SuSEfirewall2 service files, SuSEfirewall2 does not exist
anymore
- Changed /etc/logrotate.d/lighttpd from init.d to systemd
fix boo#1146452.
Patchnames
openSUSE-2022-24
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for lighttpd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for lighttpd fixes the following issues:\n\nlighttpd was updated to 1.4.64:\n\n* CVE-2022-22707: off-by-one stack overflow in the mod_extforward\n plugin (boo#1194376)\n* graceful restart/shutdown timeout changed from 0 (disabled) to\n 8 seconds. configure an alternative with:\n server.feature-flags += (\u201cserver.graceful-shutdown-timeout\u201d =\u003e 8)\n* deprecated modules (previously announced) have been removed:\n mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming,\n mod_geoip, mod_trigger_b4_dl\n\nupdate to 1.4.63:\n\n* import xxHash v0.8.1\n* fix reqpool mem corruption in 1.4.62\n\nincludes changes in 1.4.62:\n\n* [mod_alias] fix use-after-free bug\n* many developer visible bug fixes\n\nupdate to 1.4.61:\n\n* mod_dirlisting: sort \u0027../\u0027 to top\n* fix HTTP/2 upload \u003e 64k w/ max-request-size\n* code level and developer visible bug fixes\n\nupdate to 1.4.60:\n\n* HTTP/2 smoother and lower memory use (in general)\n* HTTP/2 tuning to better handle aggressive client initial\n requests\n* reduce memory footprint; workaround poor glibc behavior;\n jemalloc is better\n* mod_magnet lua performance improvements\n* mod_dirlisting performance improvements and new caching option\n* memory constraints for extreme edge cases in mod_dirlisting,\n mod_ssi, mod_webdav\n* connect(), write(), read() time limits on backends (separate\n from client timeouts)\n* lighttpd restarts if large discontinuity in time occurs\n (embedded systems)\n* RFC7233 Range support for all non-streaming responses, not\n only static files\n* connect() to backend now has default 8 second timeout\n (configurable)\n\n- Added hardening to systemd service(s) (boo#1181400).\n\nupdate to 1.4.59:\n\n* HTTP/2 enabled by default\n* mod_deflate zstd suppport\n* new mod_ajp13\n\nUpdate to 1.4.58: \n\n* [mod_wolfssl] use wolfSSL TLS version defines\n* [mod_wolfssl] compile with earlier wolfSSL vers\n* [core] prefer IPv6+IPv4 func vs IPv4-specific func\n* [core] reuse large mem chunks (fix mem usage) (fixes #3033)\n* [core] add comment for FastCGI mem use in hctx-\u003erb (#3033)\n* [mod_proxy] fix sending of initial reqbody chunked\n* [multiple] fdevent_waitpid() wrapper\n* [core] sys-time.h - localtime_r,gmtime_r macros\n* [core] http_date.[ch] encapsulate HTTP-date parse\n* [core] specialized strptime() for HTTP date fmts\n* [multiple] employ http_date.h, sys-time.h\n* [core] http_date_timegm() (portable timegm())\n* buffer_append_path_len() to join paths\n* [core] inet_ntop_cache -\u003e sock_addr_cache\n* [multiple] etag.[ch] -\u003e http_etag.[ch]; better imp\n* [core] fix crash after specific err in config file\n* [core] fix bug in FastCGI uploads (#3033)\n* [core] http_response_match_if_range()\n* [mod_webdav] typedef off_t loff_t for FreeBSD\n* [multiple] chunkqueue_write_chunk()\n* [build] add GNUMAKEFLAGS=--no-print-directory\n* [core] fix bug in read retry found by coverity\n* [core] attempt to quiet some coverity warnings\n* [mod_webdav] compile fix for Mac OSX/11\n* [core] handle U+00A0 in config parser\n* [core] fix lighttpd -1 one-shot with pipes\n* [core] quiet start/shutdown trace in one-shot mode\n* [core] allow keep-alives in one-shot mode (#3042)\n* [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD\n* [core] setsockopt IPV6_V6ONLY if server.v4mapped\n* [core] prefer inet_aton() over inet_addr()\n* [core] add missing mod_wolfssl to ssl compat list\n* [mod_openssl] remove ancient preprocessor logic\n* [core] SHA512_Init, SHA512_Update, SHA512_Final\n* [mod_wolfssl] add complex preproc logic for SNI\n* [core] wrap a macro value with parens\n* [core] fix handling chunked response from backend (fixes #3044)\n* [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)\n* [core] skip some trace if backend Upgrade (#3044)\n* [TLS] cert-staple.sh POSIX sh compat (fixes #3043)\n* [core] portability fix if st_mtime not defined\n* [mod_nss] portability fix\n* [core] warn if mod_authn_file needed in conf\n* [core] fix chunked decoding from backend (fixes #3044)\n* [core] reject excess data after chunked encoding (#3046)\n* [core] track chunked encoding state from backend (fixes #3046)\n* [core] li_restricted_strtoint64()\n* [core] track Content-Length from backend (fixes #3046)\n* [core] enhance config parsing debugging (#3047)\n* [core] reorder srv-\u003econfig_context to match ndx (fixes #3047)\n* [mod_proxy] proxy.header = (\u0027force-http10\u0027 =\u003e ...)\n* [mod_authn_ldap] fix crash (fixes #3048)\n* [mod_authn_ldap, mod_vhostdb_ldap] default cafile\n* [core] fix array_copy_array() sorted[]\n* [multiple] replace fall through comment with attr\n* [core] fix crash printing trace if backend is down\n* [core] fix decoding chunked from backend (fixes #3049)\n* [core] attempt to quiet some coverity warnings\n* [core] perf: request processing\n* [core] http_header_str_contains_token()\n* [mod_flv_streaming] parse query string w/o copying\n* [mod_evhost] use local array to split values\n* [core] remove srv-\u003esplit_vals\n* [core] add User-Agent to http_header_e enum\n* [core] store struct server * in struct connection\n* [core] use func rc to indicate done reading header\n* [core] replace connection_set_state w/ assignment\n* [core] do not pass srv to http header parsing func\n* [core] cold buffer_string_prepare_append_resize()\n* [core] chunkqueue_compact_mem()\n* [core] connection_chunkqueue_compact()\n* [core] pass con around request, not srv and con\n* [core] reduce use of struct parse_header_state\n* [core] perf: HTTP header parsing using \\n offsets\n* [core] no need to pass srv to connection_set_state\n* [core] perf: connection_read_header_more()\n* [core] perf: connection_read_header_hoff() hot\n* [core] inline connection_read_header()\n* [core] pass ptr to http_request_parse()\n* [core] more \u0027const\u0027 in request.c prototypes\n* [core] handle common case of alnum or - field-name\n* [mod_extforward] simplify code: use light_isxdigit\n* [core] perf: array.c performance enhancements\n* [core] mark some data_* funcs cold\n* [core] http_header.c internal inline funcs\n* [core] remove unused array_reset()\n* [core] prefer uint32_t to size_t in base.h\n* [core] uint32_t for struct buffer sizes\n* [core] remove unused members of struct server\n* [core] short-circuit path to clear request.headers\n* [core] array keys are non-empty in key-value list\n* [core] keep a-\u003edata[] sorted; remove a-\u003esorted[]\n* [core] __attribute_returns_nonnull__\n* [core] differentiate array_get_* for ro and rw\n* [core] (const buffer *) in (struct burl_parts_t)\n* [core] (const buffer *) for con-\u003eserver_name\n* [core] perf: initialize con-\u003econf using memcpy()\n* [core] run config_setup_connection() fewer times\n* [core] isolate data_config.c, vector.c\n* [core] treat con-\u003econditional_is_valid as bitfield\n* [core] http_header_hkey_get() over const array\n* [core] inline buffer as part of DATA_UNSET key\n* [core] inline buffer key for *_patch_connection()\n* [core] (data_unset *) from array_get_element_klen\n* [core] inline buffer as part of data_string value\n* [core] add const to callers of http_header_*_get()\n* [core] inline array as part of data_array value\n* [core] const char *op in data_config\n* [core] buffer string in data_config\n* [core] streamline config_check_cond()\n* [core] keep a-\u003edata[] sorted (REVERT)\n* [core] array a-\u003esorted[] as ptrs rather than pos\n* [core] inline header and env arrays into con\n* [mod_accesslog] avoid alloc for parsing cookie val\n* [core] simpler config_check_cond()\n* [mod_redirect,mod_rewrite] store context_ndx\n* [core] const char *name in struct plugin\n* [core] srv-\u003eplugin_slots as compact list\n* [core] rearrange server_config, server members\n* [core] macros CONST_LEN_STR and CONST_STR_LEN\n* [core] struct plugin_data_base\n* [core] improve condition caching perf\n* [core] config_plugin_values_init() new interface\n* [mod_access] use config_plugin_values_init()\n* [core] (const buffer *) from strftime_cache_get()\n* [core] mv config_setup_connection to connections.c\n* [core] use (const char *) in config file parsing\n* [mod_staticfile] use config_plugin_values_init()\n* [mod_skeleton] use config_plugin_values_init()\n* [mod_setenv] use config_plugin_values_init()\n* [mod_alias] use config_plugin_values_init()\n* [mod_indexfile] use config_plugin_values_init()\n* [mod_expire] use config_plugin_values_init()\n* [mod_flv_streaming] use config_plugin_values_init()\n* [mod_magnet] use config_plugin_values_init()\n* [mod_usertrack] use config_plugin_values_init()\n* [mod_userdir] split policy from userdir path build\n* [mod_userdir] use config_plugin_values_init()\n* [mod_ssi] use config_plugin_values_init()\n* [mod_uploadprogress] use config_plugin_values_init()\n* [mod_status] use config_plugin_values_init()\n* [mod_cml] use config_plugin_values_init()\n* [mod_secdownload] use config_plugin_values_init()\n* [mod_geoip] use config_plugin_values_init()\n* [mod_evasive] use config_plugin_values_init()\n* [mod_trigger_b4_dl] use config_plugin_values_init()\n* [mod_accesslog] use config_plugin_values_init()\n* [mod_simple_vhost] use config_plugin_values_init()\n* [mod_evhost] use config_plugin_values_init()\n* [mod_vhostdb*] use config_plugin_values_init()\n* [mod_mysql_vhost] use config_plugin_values_init()\n* [mod_maxminddb] use config_plugin_values_init()\n* [mod_auth*] use config_plugin_values_init()\n* [mod_deflate] use config_plugin_values_init()\n* [mod_compress] use config_plugin_values_init()\n* [core] add xsendfile* check if xdocroot is NULL\n* [mod_cgi] use config_plugin_values_init()\n* [mod_dirlisting] use config_plugin_values_init()\n* [mod_extforward] use config_plugin_values_init()\n* [mod_webdav] use config_plugin_values_init()\n* [core] store addtl data in pcre_keyvalue_buffer\n* [mod_redirect] use config_plugin_values_init()\n* [mod_rewrite] use config_plugin_values_init()\n* [mod_rrdtool] use config_plugin_values_init()\n* [multiple] gw_backends config_plugin_values_init()\n* [core] config_get_config_cond_info()\n* [mod_openssl] use config_plugin_values_init()\n* [core] use config_plugin_values_init()\n* [core] collect more config logic into configfile.c\n* [core] config_plugin_values_init_block()\n* [core] gw_backend config_plugin_values_init_block\n* [core] remove old config_insert_values_*() funcs\n* [multiple] plugin.c handles common FREE_FUNC code\n* [core] run all trigger and sighup handlers\n* [mod_wstunnel] change DEBUG_LOG to use log_error()\n* [core] stat_cache_path_contains_symlink use errh\n* [core] isolate use of data_config, configfile.h\n* [core] split cond cache from cond matches\n* [mod_auth] inline arrays in http_auth_require_t\n* [core] array_init() arg for initial size\n* [core] gw_exts_clear_check_local()\n* [core] gw_backend less pointer chasing\n* [core] connection_handle_errdoc() separate func\n* [multiple] prefer (connection *) to (srv *)\n* [core] create http chunk header on the stack\n* [multiple] connection hooks no longer get (srv *)\n* [multiple] plugin_stats array\n* [core] read up-to fixed size chunk before fionread\n* [core] default chunk size 8k (was 4k)\n* [core] pass con around gw_backend instead of srv\n* [core] log_error_multiline_buffer()\n* [multiple] reduce direct use of srv-\u003ecur_ts\n* [multiple] extern log_epoch_secs\n* [multiple] reduce direct use of srv-\u003eerrh\n* [multiple] stat_cache singleton\n* [mod_expire] parse config into structured data\n* [multiple] generic config array type checking\n* [multiple] rename r to rc rv rd wr to be different\n* [core] (minor) config_plugin_keys_t data packing\n* [core] inline buffer in log_error_st errh\n* [multiple] store srv-\u003etmp_buf in tb var\n* [multiple] quiet clang compiler warnings\n* [core] http_status_set_error_close()\n* [core] http_request_host_policy w/ http_parseopts\n* [multiple] con-\u003eproto_default_port\n* [core] store log filename in (log_error_st *)\n* [core] separate log_error_open* funcs\n* [core] fdevent uses uint32_t instead of size_t\n* [mod_webdav] large buffer reuse\n* [mod_accesslog] flush file log buffer at 8k size\n* [core] include settings.h where used\n* [core] static buffers for mtime_cache\n* [core] convenience macros to check req methods\n* [core] support multiple error logs\n* [multiple] omit passing srv to fdevent_handler\n* [core] remove unused arg to fdevent_fcntl_set_nb*\n* [core] slightly simpify server_(over)load_check()\n* [core] isolate fdevent subsystem\n* [core] isolate stat_cache subsystem\n* [core] remove include base.h where unused\n* [core] restart dead piped loggers every 64 sec\n* [mod_webdav] use copy_file_range() if available\n* [core] perf: buffer copy and append\n* [core] copy some srv-\u003esrvconf into con-\u003econf\n* [core] move keep_alive flag into request_st\n* [core] pass scheme port to http_request_parse()\n* [core] pass http_parseopts around request.c\n* [core] rename specific_config to request_config\n* [core] move request_st,request_config to request.h\n* [core] pass (request_st *) to request.c funcs\n* [core] remove unused request_st member \u0027request\u0027\n* [core] rename content_length to reqbody_length\n* [core] t/test_request.c using (request_st *)\n* [core] (const connection *) in http_header_*_get()\n* [mod_accesslog] log_access_record() fmt log record\n* [core] move request start ts into (request_st *)\n* [core] move addtl request-specific struct members\n* [core] move addtl request-specific struct members\n* [core] move plugin_ctx into (request_st *)\n* [core] move addtl request-specific struct members\n* [core] move request state into (request_st *)\n* [core] store (plugin *) in p-\u003edata\n* [core] store subrequest_handler instead of mode\n* [multiple] copy small struct instead of memcpy()\n* [multiple] split con, request (very large change)\n* [core] r-\u003euri.path always set, though might be \u0027\u0027\n* [core] C99 restrict on some base funcs\n* [core] dispatch handler in handle_request func\n* [core] http_request_parse_target()\n* [mod_magnet] modify r-\u003etarget with \u0027uri.path-raw\u0027\n* [core] remove r-\u003euri.path_raw; generate as needed\n* [core] http_response_comeback()\n* [core] http_response_config()\n* [tests] use buffer_eq_slen() for str comparison\n* [core] http_status_append() short-circuit 200 OK\n* [core] mark some chunk.c funcs as pure\n* [core] use uint32_t in http_header.[ch]\n* [core] perf: tighten some code in some hot paths\n* [core] parse header label before end of line\n* [mod_auth] \u0027nonce_secret\u0027 option to validate nonce (fixes #2976)\n* [build] fix build on MacOS X Tiger\n* [doc] lighttpd.conf: lighttpd choose event-handler\n* [config] blank server.tag if whitespace-only\n* [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006)\n* [multiple] correct misspellings in comments\n* [multiple] fix some cc warnings in 32-bit, powerpc\n* [tests] fix skip count in mod-fastcgi w/o php-cgi\n* [multiple] ./configure --with-nettle to use Nettle\n* [core] skip excess close() when FD_CLOEXEC defined\n* [mod_cgi] remove redundant calls to set FD_CLOEXEC\n* [core] return EINVAL if stat_cache_get_entry w/o /\n* [mod_webdav] define PATH_MAX if not defined\n* [mod_accesslog] process backslash-escapes in fmt\n* [mod_openssl] disable cert vrfy if ALPN acme-tls/1\n* [core] add seed before openssl RAND_pseudo_bytes()\n* [mod_mbedtls] mbedTLS option for TLS\n* [core] prefer getxattr() instead of get_attr()\n* [multiple] use *(unsigned char *) with ctypes\n* [mod_openssl] do not log ECONNRESET unless debug\n* [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING\n* [mod_gnutls] GnuTLS option for TLS (fixes #109)\n* [mod_openssl] rotate session ticket encryption key\n* [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842)\n* [mod_openssl] set chains from callback in 1.0.2+ (#2842)\n* [core] RFC-strict parse of Content-Length\n* [build] point ./configure --help to support forum\n* [core] stricter parse of numerical digits\n* [multiple] add summaries to top of some modules\n* [core] sys-crypto-md.h w/ inline message digest fn\n* [mod_openssl] enable read-ahead, if set, after SNI\n* [mod_openssl] issue warning for deprecated options\n* [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail\n* [mod_openssl] use openssl feature define for ALPN\n* [mod_openssl] update default DH params\n* [core] SecureZeroMemory() on _WIN32\n* [core] safe memset calls memset() through volatile\n* [doc] update comments in doc/config/modules.conf\n* [core] more precise check for request stream flags\n* [mod_openssl] rotate session ticket encryption key\n* [mod_openssl] ssl.stek-file to specify encrypt key\n* [mod_mbedtls] ssl.stek-file to specify encrypt key\n* [mod_gnutls] ssl.stek-file to specify encrypt key\n* [mod_openssl] disable session cache; prefer ticket\n* [mod_openssl] compat with LibreSSL\n* [mod_openssl] compat with WolfSSL\n* [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA\n* [mod_openssl] move SSL_CTX curve conf to new func\n* [mod_openssl] basic SSL_CONF_cmd for alt TLS libs\n* [mod_openssl] OCSP stapling (fixes #2469)\n* [TLS] cert-staple.sh - refresh OCSP responses (#2469)\n* [mod_openssl] compat with BoringSSL\n* [mod_gnutls] option to override GnuTLS priority\n* [mod_gnutls] OCSP stapling (#2469)\n* [mod_extforward] config warning for module order\n* [mod_webdav] store webdav.opts as bitflags\n* [mod_webdav] limit webdav_propfind_dir() recursion\n* [mod_webdav] unsafe-propfind-follow-symlink option\n* [mod_webdav] webdav.opts \u0027propfind-depth-infinity\u0027\n* [mod_openssl] detect certs marked OCSP Must-Staple\n* [mod_gnutls] detect certs marked OCSP Must-Staple\n* [mod_openssl] default to set MinProtocol TLSv1.2\n* [mod_nss] NSS option for TLS (fixes #1218)\n* [core] fdevent_load_file() shared code\n* [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file\n* [core] error if s-\u003esocket_perms chmod() fails\n* [mod_openssl] prefer some WolfSSL native APIs\n* quiet clang analyzer scan-build warnings\n* [core] uint32_t is plenty large for path names\n* [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql\n* [core] splaytree_djbhash() in splaytree.h (reuse)\n* [cmake] update deps for src/t/test_*\n* [cmake] update deps for src/t/test_*\n* [build] remove tests/mod-userdir.t from builds\n* [build] fix typo in src/Makefile.am EXTRA_DIST\n* [core] remove unused mbedtls_enabled flag\n* [core] store fd in srv-\u003estdin_fd during setup\n* [multiple] address coverity warnings\n* [mod_webdav] fix theoretical NULL dereference\n* [mod_webdav] update rc for PROPFIND allprop\n* [mod_webdav] build fix: ifdef live_properties\n* [multiple] address coverity warnings\n* [meson] fix libmariadb dependency\n* [meson] add missing libmaxminddb section\n* [mod_auth,mod_vhostdb] add caching option (fixes #2805)\n* [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)\n* [mod_auth] accept \u0027nonce-secret\u0027 \u0026 \u0027nonce_secret\u0027\n* [mod_openssl] fix build warnings on MacOS X\n* [core] Nettle assert()s if buffer len \u003e digest sz\n* [mod_authn_dbi] authn backend employing DBI\n* [mod_authn_mysql,file] use crypt() to save stack\n* [mod_vhostdb_dbi] allow strings and ints in config\n* add ci-build.sh\n* move ci-build.sh to scripts\n* [build] build fixes for AIX\n* [mod_deflate] Brotli support\n* [build] bzip2 default to not-enabled in build\n* [mod_deflate] fix typo in config option\n* [mod_deflate] propagate errs from internal funcs\n* [mod_deflate] deflate.cache-dir compressed cache\n* [mod_deflate] mod_deflate subsumes mod_compress\n* [doc] mod_compress -\u003e mod_deflate\n* [tests] mod_compress -\u003e mod_deflate\n* [mod_compress] remove mod_compress\n* [build] add --with-brotli to CI build\n* [core] server.feature-flags extensible config\n* [core] con layer plugin_ctx separate from request\n* [multiple] con hooks store ctx in con-\u003eplugin_ctx\n* [core] separate funcs to reset (request_st *)\n* [multiple] rename connection_reset hook to request\n* [mod_nss] func renames for consistency\n* [core] detect and reject TLS connect to cleartext\n* [mod_deflate] quicker check for Content-Encoding\n* [mod_openssl] read secret data w/ BIO_new_mem_buf\n* [core] decode Transfer-Encoding: chunked from gw\n* [mod_fastcgi] decode Transfer-Encoding: chunked\n* [core] stricter parsing of POST chunked block hdr\n* [mod_proxy] send HTTP/1.1 requests to backends\n* [tests] test_base64.c clear buf vs reset\n* [core] http_header_remove_token()\n* [mod_webdav] fix inadvertent string truncation\n* [core] add some missing standard includes\n* [mod_extforward] attempt to quiet Coverity warning\n* [mod_authn_dbi,mod_authn_mysql] fix coverity issue\n* scons: fix check environment\n* Add avahi service file under doc/avahi/\n* [mod_webdav] fix fallback if linkat() fails\n* [mod_proxy] do not forward Expect: 100-continue\n* [core] chunkqueue_compact_mem() must upd cq-\u003elast\n* [core] dlsym for FAMNoExists() for compat w/ fam\n* [core] disperse settings.h to appropriate headers\n* [core] inline buffer_reset()\n* [mod_extforward] save proto per connection\n* [mod_extforward] skip after HANDLER_COMEBACK\n* [core] server.feature-flags to enable h2\n* [core] HTTP_VERSION_2\n* [multiple] allow TLS ALPN \u0027h2\u0027 if \u0027server.h2proto\u0027\n* [mod_extforward] preserve changed addr for h2 con\n* [core] do not send Connection: close if h2\n* [core] lowercase response hdr field names for h2\n* [core] recognize status: 421 Misdirected Request\n* [core] parse h2 pseudo-headers\n* [core] request_headers_process()\n* [core] connection_state_machine_loop()\n* [core] reset connection counters per connection\n* [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting\n* [core] connection_set_fdevent_interest()\n* [core] HTTP2-Settings\n* [core] adjust http_request_headers_process()\n* [core] http_header_parse_hoff()\n* [core] move http_request_headers_process()\n* [core] reqpool.[ch] for (request_st *)\n* [multiple] modules read reqbody via fn ptr\n* [multiple] isolate more con code in connections.c\n* [core] isolate more resp code in response.c\n* [core] h2.[ch] with stub funcs (incomplete)\n* [core] alternate between two joblists\n* [core] connection transition to HTTP/2; incomplete\n* [core] mark some error paths with attribute cold\n* [core] discard 100 102 103 responses from backend\n* [core] skip write throttle for 100 Continue\n* [core] adjust (disabled) debug code\n* [core] update comment\n* [core] link in ls-hpack (EXPERIMENTAL)\n* [core] HTTP/2 HPACK using LiteSpeed ls-hpack\n* [core] h2_send_headers() specialized for resp hdrs\n* [core] http_request_parse_header() specialized\n* [core] comment possible future ls-hpack optimize\n* [mod_status] separate funcs to print request table\n* [mod_status] adjust to print HTTP/2 requests\n* [core] redirect to dir using relative-path\n* [core] ignore empty field-name from backends\n* [mod_auth] fix crash if auth.require misconfigured (fixes #3023)\n* [core] fix 1-char trunc of default server.tag\n* [core] request_acquire(), request_release()\n* [core] keep pool of (request_st *) for HTTP/2\n* [mod_status] dedicated funcs for r-\u003estate labels\n* [core] move connections_get_state to connections.c\n* [core] fix crash on master after graceful restart\n* [core] defer optimization to read small files\n* [core] do not require \u0027\\0\u0027 term for k,v hdr parse\n* [scripts] cert-staple.sh enhancements\n* [core] document algorithm used in lighttpd etag\n* [core] ls-hpack optimizations\n* [core] fix crash on master if blank line request\n* [core] use djbhash in gw_backend to choose host\n* [core] rename md5.[ch] to algo_md5.[ch]\n* [core] move djbhash(), dekhash() to algo_md.h\n* [core] rename splaytree.[ch] to algo_splaytree.[ch]\n* [core] import xxHash v0.8.0\n* [build] modify build, includes for xxHash v0.8.0\n* [build] remove ls-hpack/deps\n* [core] xxhash no inline hints; let compiler choose\n* [mod_dirlisting] fix config parsing crash\n* [mod_openssl] clarify trace w/ deprecated options\n* [doc] refresh doc/config/*/*\n* [core] code size: disable XXH64(), XXH3()\n* [doc] update README and INSTALL\n* [core] combine Cookie request headers with \u0027;\u0027\n* [core] log stream id with debug.log-state-handling\n* [core] set r-\u003estate in h2.c\n* [mod_ssi] update chunk after shell output redirect\n* [mod_webdav] preserve bytes_out when chunks merged\n* [multiple] inline chunkqueue_length()\n* [core] cold h2_log_response_header*() funcs\n* [core] update HTTP status codes list from IANA\n* [mod_wolfssl] standalone module\n* [core] Content-Length in http_response_send_file()\n* [core] adjust response header prep for common case\n* [core] light_isupper(), light_islower()\n* [core] tst,set,clr macros for r-\u003e{rqst,resp}_htags\n* [core] separate http_header_e from _htags bitmask\n* [core] http_header_hkey_get_lc() for HTTP/2\n* [core] array.[ch] using uint32_t instead of size_t\n* [core] extend (data_string *) to store header id\n* [multiple] extend enum http_header_e list\n* [core] http_header_e \u003c=\u003e lshpack_static_hdr_idx\n* [core] skip ls-hpack decode work unused by lighttpd\n* [TLS] error if inherit empty TLS cfg from globals\n* [core] connection_check_expect_100()\n* [core] support multiple 1xx responses from backend\n* [core] reload c after chunkqueue_compact_mem()\n* [core] relay 1xx from backend over HTTP/2\n* [core] relay 1xx from backend over HTTP/1.1\n* [core] chunkqueue_{peek,read}_data(), squash\n* [multiple] TLS modules use chunkqueue_peek_data()\n* [mod_magnet] magnet.attract-response-start-to\n* [multiple] code reuse chunkqueue_peek_data()\n* [core] reuse r-\u003estart_hp.tv_sec for r-\u003estart_ts\n* [core] config_plugin_value_tobool() accept \u00270\u0027,\u00271\u0027\n* [core] graceful and immediate restart option\n* [mod_ssi] init status var before waitpid()\n* [core] graceful shutdown timeout option\n* [core] lighttpd -1 supports pipes (e.g. netcat)\n* [core] perf adjustments to avoid load miss\n* [multiple] use sock_addr_get_family in more places\n* [multiple] inline chunkqueue where always alloc\u0027d\n* [core] propagate state after writing\n* [core] server_run_con_queue()\n* [core] defer handling FDEVENT_HUP and FDEVENT_ERR\n* [core] handle unexpected EOF reading FILE_CHUNK\n* [core] short-circuit connection_write_throttle()\n* [core] walk queue in connection_write_chunkqueue()\n* [core] connection_joblist global\n* [core] be more precise checking streaming flags\n* [core] fdevent_load_file_bytes()\n* [TLS] use fdevent_load_file_bytes() for STEK file\n* [core] allow symlinks under /dev for rand devices\n* [multiple] use light_btst() for hdr existence chk\n* [mod_deflate] fix potential NULL deref in err case\n* [core] save errno around close() if fstat() fails\n* [mod_ssi] use stat_cache_open_rdonly_fstat()\n* [core] fdevent_dup_cloexec()\n* [core] dup FILE_CHUNK fd when splitting FILE_CHUNK\n* [core] stat_cache_path_isdir()\n* [multiple] use stat_cache_path_isdir()\n* [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset\n* [mod_gnutls] quiet CLOSE_NOTIFY after conn reset\n* [core] limit num ranges in Range requests\n* [core] remove unused r-\u003econtent_length\n* [core] http_response_parse_range() const file sz\n* [core] pass open fd to http_response_parse_range\n* [core] stat_cache_get_entry_open()\n* [core,mod_deflate] leverage cache of open fd\n* [doc] comment out config disabling Range for .pdf\n* [core] coalesce nearby ranges in Range requests\n* [mod_fastcgi] decode chunked is cold code path\n* [core] fix chunkqueue_compact_mem w/ partial chunk\n* [core] alloc optim reading file, sending chunked\n* [core] reuse chunkqueue_compact_mem*()\n* [mod_cgi] use splice() to send input to CGI\n* [multiple] ignore openssl 3.0.0 deprecation warns\n* [mod_openssl] migrate ticket cb to openssl 3.0.0\n* [mod_openssl] construct OSSL_PARAM on stack\n* [mod_openssl] merge ssl_tlsext_ticket_key_cb impls\n* [multiple] openssl 3.0.0 digest interface migrate\n* [tests] detect multiple SSL/TLS/crypto providers\n* [core] sys-crypto-md.h consistent interfaces\n* [wolfssl] wolfSSL_CTX_set_mode differs from others\n* [multiple] use NSS crypto if no other crypto avail\n* [multiple] stat_cache_path_stat() for struct st\n* [TLS] ignore empty \u0027CipherString\u0027 in ssl-conf-cmd\n* [multiple] remove chunk file.start member\n* [core] modify use of getrlimit() to not be fatal\n* [mod_webdav] add missing update to cq accounting\n* [mod_webdav] update defaults after worker_init\n* [mod_openssl] use newer openssl 3.0.0 func\n* [core] config_plugin_value_to_int32()\n* [core] minimize pause during graceful restart\n* [mod_deflate] use large mmap chunks to compress\n* [core] stat_cache_entry reference counting\n* [core] FILE_CHUNK can hold stat_cache_entry ref\n* [core] http_chunk_append_file_ref_range()\n* [multiple] use http_chunk_append_file_ref()\n* [core] always lseek() with shared fd\n* [core] silence coverity warnings (false positives)\n* [core] silence coverity warnings in ls-hpack\n* [core] silence coverity warnings (another try)\n* [core] fix fd sharing when splitting file chunk\n* [mod_mbedtls] quiet unused variable warning\n* [core] use inline funcs in sys-crypto-md.h\n* [core] add missing declaration for NSS rand\n* [core] init NSS lib for basic crypto algorithms\n* [doc] change mod_compress refs to mod_deflate\n* [doc] replace bzip2 refs with brotli\n* [build] remove svnversion from versionstamp rule\n* [doc] /var/run -\u003e /run\n* [multiple] test for nss includes\n* [mod_nss] more nss includes fixes\n* [mod_webdav] define _NETBSD_SOURCE on NetBSD\n* [core] silence coverity warnings (another try)\n* [mod_mbedtls] newer mbedTLS vers support TLSv1.3\n* [mod_accesslog] update defaults after cycling log\n* [multiple] add some missing config cleanup\n* [core] fix (startup) mem leaks in configparser.y\n* [core] STAILQ_* -\u003e SIMPLEQ_* on OpenBSD\n* [mod_wolfssl] use more wolfssl/options.h defines\n* [mod_wolfssl] cripple SNI if not built OPENSSL_ALL\n* [mod_wolfssl] need to build --enable-alpn for ALPN\n* [mod_secdownload] fix compile w/ NSS on FreeBSD\n* [mod_mbedtls] wrap addtl code in preproc defines\n* [TLS] server.feature-flags \u0027ssl.session-cache\u0027\n* [core] workaround fragile code in wolfssl types.h\n* [core] move misplaced error trace to match option\n* [core] adjust wolfssl workaround for another case\n* [multiple] consistent order for crypto lib select\n* [multiple] include mbedtls/config.h after select\n* [multiple] include wolfssl/options.h after select\n* [core] set NSS_VER_INCLUDE after crypto lib select\n* [core] use system xxhash lib if available\n* [doc] refresh doc/config/conf.d/mime.conf\n* [meson] add matching -I for lua lib version\n* [build] prepend search for lua version 5.4\n* [core] use inotify in stat_cache.[ch] on Linux\n* [build] detect inotify header \u003csys/inotify.h\u003e\n* [mod_nss] update session ticket NSS devel comment\n* [core] set last_used on rd/wr from backend (fixes #3029)\n* [core] cold func for gw_recv_response error case\n* [core] use kqueue() instead of FAM/gamin on *BSD\n* [core] no graceful-restart-bg on OpenBSD, NetBSD\n* [mod_openssl] add LIBRESSL_VERSION_NUMBER checks\n* [core] use struct kevent on stack in stat_cache\n* [core] stat_cache preprocessor paranoia\n* [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check\n* [mod_maxminddb] fix config validation typo\n* [tests] allow LIGHTTPD_EXE_PATH override\n* [multiple] handle NULL val as empty in *_env_add (fixes #3030)\n* [core] accept \u0027HTTP/2.0\u0027, \u0027HTTP/3.0\u0027 from backends (fixes #3031)\n* [build] check for xxhash in more ways\n* [core] accept \u0027HTTP/2.0\u0027, \u0027HTTP/3.0\u0027 from backends (#3031)\n* [core] http_response_buffer_append_authority()\n* [core] define SHA*_DIGEST_LENGTH macros if missing\n* [doc] update optional pkg dependencies in INSTALL\n* [mod_alias] validate given order, not sorted order\n* [core] filter out duplicate modules\n* [mod_cgi] fix crash if initial write to CGI fails\n* [mod_cgi] ensure tmp file open() before splice()\n* [multiple] add back-pressure gw data pump (fixes #3033)\n* [core] fix bug when HTTP/2 frames span chunks\n* [multiple] more forgiving config str to boolean (fixes #3036)\n* [core] check for __builtin_expect() availability\n* [core] quiet more request parse errs unless debug\n* [core] consolidate chunk size checks\n* [mod_flv_streaming] use stat_cache_get_entry_open\n* [mod_webdav] pass full path to webdav_unlinkat()\n* [mod_webdav] fallbacks if _ATFILE_SOURCE not avail\n* [mod_fastcgi] move src/fastcgi.h into src/compat/\n* [mod_status] add additional HTML-encoding\n* [core] server.v4mapped option\n* [mod_webdav] workaround for gvfs dir redir bug\n\n- Remove SuSEfirewall2 service files, SuSEfirewall2 does not exist\n anymore\n\n- Changed /etc/logrotate.d/lighttpd from init.d to systemd\n fix boo#1146452. \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-24",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0024-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0024-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0024-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/"
},
{
"category": "self",
"summary": "SUSE Bug 1146452",
"url": "https://bugzilla.suse.com/1146452"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1194376",
"url": "https://bugzilla.suse.com/1194376"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22707 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22707/"
}
],
"title": "Security update for lighttpd",
"tracking": {
"current_release_date": "2022-02-02T12:46:24Z",
"generator": {
"date": "2022-02-02T12:46:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0024-1",
"initial_release_date": "2022-02-02T12:46:24Z",
"revision_history": [
{
"date": "2022-02-02T12:46:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"product_id": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"product_id": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"product_id": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"product_id": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "lighttpd-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"product": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"product_id": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
},
"product_reference": "lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22707"
}
],
"notes": [
{
"category": "general",
"text": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22707",
"url": "https://www.suse.com/security/cve/CVE-2022-22707"
},
{
"category": "external",
"summary": "SUSE Bug 1194376 for CVE-2022-22707",
"url": "https://bugzilla.suse.com/1194376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_magnet-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.i586",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:lighttpd-mod_webdav-1.4.64-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T12:46:24Z",
"details": "moderate"
}
],
"title": "CVE-2022-22707"
}
]
}
ghsa-j3jp-95wp-9q83
Vulnerability from github
Published
2022-01-07 00:00
Modified
2022-01-14 00:03
VLAI Severity ?
Details
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash).
{
"affected": [],
"aliases": [
"CVE-2022-22707"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-06T06:15:00Z",
"severity": "MODERATE"
},
"details": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash).",
"id": "GHSA-j3jp-95wp-9q83",
"modified": "2022-01-14T00:03:06Z",
"published": "2022-01-07T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22707"
},
{
"type": "WEB",
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5040"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2022-22707
Vulnerability from fkie_nvd
Published
2022-01-06 06:15
Modified
2024-11-21 06:47
Severity ?
Summary
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://redmine.lighttpd.net/issues/3134 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5040 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://redmine.lighttpd.net/issues/3134 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5040 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lighttpd | lighttpd | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "204D3986-08C3-45EB-BA51-2D115E73947E",
"versionEndIncluding": "1.4.63",
"versionStartIncluding": "1.4.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system."
},
{
"lang": "es",
"value": "En lighttpd versiones 1.4.46 hasta 1.4.63, la funci\u00f3n mod_extforward_Forwarded del plugin mod_extforward tiene un desbordamiento de b\u00fafer basado en la pila (4 bytes que representan -1), como lo demuestra la denegaci\u00f3n de servicio remota (ca\u00edda del demonio) en una configuraci\u00f3n no predeterminada. La configuraci\u00f3n no predeterminada requiere el manejo de la cabecera Forwarded de una manera algo inusual. Adem\u00e1s, es mucho m\u00e1s probable que un sistema de 32 bits se vea afectado que un sistema de 64 bits"
}
],
"id": "CVE-2022-22707",
"lastModified": "2024-11-21T06:47:17.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-06T06:15:07.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://redmine.lighttpd.net/issues/3134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…